[Scummvm-git-logs] scummvm master -> 125f69999751210f912a25c509191114c7381c60
madmoose
thomas at fach-pedersen.net
Mon Oct 24 19:43:14 CEST 2016
This automated email contains information about 6 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
ec880c549a BLADERUNNER: Fix resource leak (CID 1364202)
c64767b202 BLADERUNNER: Fix null pointer dereference (CID 1364205)
4b6e0f0e7d BLADERUNNER: Fix out-of-bounds read (CID 1364207)
e0a04a3185 BLADERUNNER: Fix out-of-bounds access in voiceover actor (multiple CIDs)
8045edab27 BLADERUNNER: Fix out-of-bounds write (CID 1364262)
125f699997 BLADERUNNER: Fix potential buffer overrun (CID 1364276)
Commit: ec880c549a65a18101bff9ba0620796699d94249
https://github.com/scummvm/scummvm/commit/ec880c549a65a18101bff9ba0620796699d94249
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix resource leak (CID 1364202)
Changed paths:
engines/bladerunner/waypoints.cpp
diff --git a/engines/bladerunner/waypoints.cpp b/engines/bladerunner/waypoints.cpp
index bd78693..7f70996 100644
--- a/engines/bladerunner/waypoints.cpp
+++ b/engines/bladerunner/waypoints.cpp
@@ -30,6 +30,7 @@ Waypoints::Waypoints(BladeRunnerEngine *vm, int count) {
}
Waypoints::~Waypoints() {
+ delete[] _waypoints;
}
void Waypoints::getXYZ(int waypointId, float *x, float *y, float *z) {
Commit: c64767b202f9264447829ac827fc5207c36d8978
https://github.com/scummvm/scummvm/commit/c64767b202f9264447829ac827fc5207c36d8978
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix null pointer dereference (CID 1364205)
Changed paths:
engines/bladerunner/set_effects.cpp
diff --git a/engines/bladerunner/set_effects.cpp b/engines/bladerunner/set_effects.cpp
index 8954b6f..f0a0ed5 100644
--- a/engines/bladerunner/set_effects.cpp
+++ b/engines/bladerunner/set_effects.cpp
@@ -77,18 +77,16 @@ void SetEffects::read(Common::ReadStream *stream, int framesCount) {
}
void SetEffects::reset() {
- Fog *fog, *nextFog;
+ Fog *nextFog;
if (!_fogs)
return;
do {
- fog = _fogs;
- nextFog = fog->_next;
- delete fog;
- fog = nextFog;
+ nextFog = _fogs->_next;
+ delete this->_fogs;
+ this->_fogs = nextFog;
} while (nextFog);
-
}
void SetEffects::setupFrame(int frame) {
Commit: 4b6e0f0e7d68e61b5870431d3aded6f7950f2282
https://github.com/scummvm/scummvm/commit/4b6e0f0e7d68e61b5870431d3aded6f7950f2282
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix out-of-bounds read (CID 1364207)
Changed paths:
engines/bladerunner/suspects_database.h
diff --git a/engines/bladerunner/suspects_database.h b/engines/bladerunner/suspects_database.h
index 83e551b..472e340 100644
--- a/engines/bladerunner/suspects_database.h
+++ b/engines/bladerunner/suspects_database.h
@@ -35,7 +35,7 @@ class TextResource;
#define NONREPLICANT_CLUES_COUNT 20
#define OTHER_CLUES_COUNT 20
#define IDENTITY_CLUES_COUNT 10
-#define PHOTO_CLUES_COUNT 10
+#define PHOTO_CLUES_COUNT 6
class SuspectDatabaseEntry {
BladeRunnerEngine *_vm;
@@ -48,7 +48,7 @@ class SuspectDatabaseEntry {
int _nonReplicantClues[NONREPLICANT_CLUES_COUNT];
int _otherClues[OTHER_CLUES_COUNT];
int _identityClues[IDENTITY_CLUES_COUNT];
- int _photoClues[6][3];
+ int _photoClues[PHOTO_CLUES_COUNT][3];
int _moCluesCount;
int _whereaboutsCluesCount;
int _replicantCluesCount;
Commit: e0a04a3185d92b0979babdf23a3eaf49c5d815a8
https://github.com/scummvm/scummvm/commit/e0a04a3185d92b0979babdf23a3eaf49c5d815a8
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix out-of-bounds access in voiceover actor (multiple CIDs)
CID 1364219
CID 1364223
Changed paths:
engines/bladerunner/actor.cpp
engines/bladerunner/adq.cpp
engines/bladerunner/bladerunner.cpp
engines/bladerunner/bladerunner.h
engines/bladerunner/script/script.cpp
diff --git a/engines/bladerunner/actor.cpp b/engines/bladerunner/actor.cpp
index c778a6d..9a8892c 100644
--- a/engines/bladerunner/actor.cpp
+++ b/engines/bladerunner/actor.cpp
@@ -868,7 +868,7 @@ void Actor::speechPlay(int sentenceId, bool voiceOver) {
sprintf(name, "%02d-%04d.AUD", _id, sentenceId); //TODO somewhere here should be also language code
int balance;
- if (voiceOver || _id == 99) {
+ if (voiceOver || _id == VOICEOVER_ACTOR) {
balance = 0;
} else {
// Vector3 pos = _vm->_view->_frameViewMatrix * _position;
@@ -910,7 +910,7 @@ void Actor::copyClues(int actorId) {
for (int i = 0; i < (int)_vm->_gameInfo->getClueCount(); i++) {
if (hasClue(i) && !_clues->isFlag4(i) && !otherActor->hasClue(i)) {
int fromActorId = _id;
- if (_id == 99)
+ if (_id == VOICEOVER_ACTOR)
fromActorId = _clues->getFromActorId(i);
otherActor->acquireClue(i, 0, fromActorId);
}
diff --git a/engines/bladerunner/adq.cpp b/engines/bladerunner/adq.cpp
index ca72497..d2d3dec 100644
--- a/engines/bladerunner/adq.cpp
+++ b/engines/bladerunner/adq.cpp
@@ -50,7 +50,7 @@ ADQ::~ADQ() {
}
void ADQ::add(int actorId, int sentenceId, int animationMode) {
- if (actorId == 0 || actorId == 99) {
+ if (actorId == 0 || actorId == VOICEOVER_ACTOR) {
animationMode = -1;
}
if (_entries.size() < 25) {
diff --git a/engines/bladerunner/bladerunner.cpp b/engines/bladerunner/bladerunner.cpp
index 6fe66d0..33110c0 100644
--- a/engines/bladerunner/bladerunner.cpp
+++ b/engines/bladerunner/bladerunner.cpp
@@ -236,12 +236,12 @@ bool BladeRunnerEngine::startup(bool hasSavegames) {
_zBuffer2 = new uint16[640 * 480];
int actorCount = (int)_gameInfo->getActorCount();
- assert(actorCount < 99);
+ assert(actorCount < ACTORS_COUNT);
for (int i = 0; i != actorCount; ++i) {
_actors[i] = new Actor(this, i);
_actors[i]->setup(i);
}
- _voiceoverActor = new Actor(this, 99);
+ _actors[VOICEOVER_ACTOR] = new Actor(this, VOICEOVER_ACTOR);
_playerActor = _actors[_gameInfo->getPlayerId()];
_playerActor->setFPS(15);
diff --git a/engines/bladerunner/bladerunner.h b/engines/bladerunner/bladerunner.h
index bbef178..b0eb459 100644
--- a/engines/bladerunner/bladerunner.h
+++ b/engines/bladerunner/bladerunner.h
@@ -64,6 +64,9 @@ class TextResource;
class View;
class Waypoints;
+#define ACTORS_COUNT 100
+#define VOICEOVER_ACTOR (ACTORS_COUNT - 1)
+
class BladeRunnerEngine : public Engine {
public:
bool _gameIsRunning;
@@ -107,8 +110,7 @@ public:
Common::Array<Shape*> _shapes;
- Actor *_actors[99];
- Actor *_voiceoverActor;
+ Actor *_actors[ACTORS_COUNT];
Actor *_playerActor;
int in_script_counter;
diff --git a/engines/bladerunner/script/script.cpp b/engines/bladerunner/script/script.cpp
index 060f877..b0bb638 100644
--- a/engines/bladerunner/script/script.cpp
+++ b/engines/bladerunner/script/script.cpp
@@ -432,11 +432,13 @@ void ScriptBase::Actor_Voice_Over(int sentenceId, int actorId) {
#endif
void ScriptBase::Actor_Voice_Over(int sentenceId, int actorId) {
+ assert(actorId < ACTORS_COUNT);
+
_vm->gameWaitForActive();
_vm->loopActorSpeaking();
_vm->_adq->flush(1, true);
- Actor *actor = (actorId == 99) ? _vm->_voiceoverActor : _vm->_actors[actorId];
+ Actor *actor = _vm->_actors[actorId];
actor->speechPlay(sentenceId, true);
Player_Loses_Control();
@@ -458,7 +460,7 @@ void ScriptBase::Actor_Start_Speech_Sample(int actorId, int sentenceId) {
void ScriptBase::Actor_Start_Voice_Over_Sample(int sentenceId) {
_vm->loopActorSpeaking();
- _vm->_voiceoverActor->speechPlay(sentenceId, true);
+ _vm->_actors[VOICEOVER_ACTOR]->speechPlay(sentenceId, true);
}
int ScriptBase::Actor_Query_Which_Set_In(int actorId) {
@@ -646,11 +648,11 @@ bool ScriptBase::Actor_Clue_Query(int actorId, int clueId) {
}
void ScriptBase::Actor_Clues_Transfer_New_To_Mainframe(int actorId) {
- _vm->_actors[actorId]->copyClues(99);
+ _vm->_actors[actorId]->copyClues(VOICEOVER_ACTOR);
}
void ScriptBase::Actor_Clues_Transfer_New_From_Mainframe(int actorId) {
- _vm->_voiceoverActor->copyClues(actorId);
+ _vm->_actors[VOICEOVER_ACTOR]->copyClues(actorId);
}
void ScriptBase::Actor_Set_Invisible(int actorId, bool isInvisible) {
Commit: 8045edab27488ba3cc849be613afe893cb4317e5
https://github.com/scummvm/scummvm/commit/8045edab27488ba3cc849be613afe893cb4317e5
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix out-of-bounds write (CID 1364262)
Changed paths:
engines/bladerunner/movement_track.cpp
diff --git a/engines/bladerunner/movement_track.cpp b/engines/bladerunner/movement_track.cpp
index 60a190a..bd74116 100644
--- a/engines/bladerunner/movement_track.cpp
+++ b/engines/bladerunner/movement_track.cpp
@@ -50,7 +50,7 @@ int MovementTrack::append(int waypointId, int delay, int running) {
}
int MovementTrack::append(int waypointId, int delay, int angle, int running) {
- if (_lastIndex > ARRAYSIZE(_entries))
+ if (_lastIndex >= ARRAYSIZE(_entries))
return 0;
_entries[_lastIndex].waypointId = waypointId;
Commit: 125f69999751210f912a25c509191114c7381c60
https://github.com/scummvm/scummvm/commit/125f69999751210f912a25c509191114c7381c60
Author: Thomas Fach-Pedersen (thomas at fach-pedersen.net)
Date: 2016-10-24T19:40:18+02:00
Commit Message:
BLADERUNNER: Fix potential buffer overrun (CID 1364276)
Changed paths:
engines/bladerunner/ambient_sounds.cpp
diff --git a/engines/bladerunner/ambient_sounds.cpp b/engines/bladerunner/ambient_sounds.cpp
index c33deef..aaf6c01 100644
--- a/engines/bladerunner/ambient_sounds.cpp
+++ b/engines/bladerunner/ambient_sounds.cpp
@@ -185,6 +185,10 @@ void AmbientSounds::addSoundByName(
int pan1begin, int pan1end,
int pan2begin, int pan2end,
int priority, int unk3) {
+ if (strlen(name) > 12) {
+ error("AmbientSounds::addSoundByName: Overlong name '%s'", name);
+ }
+
int i = findAvailableNonLoopingTrack();
if (i < 0)
return;
More information about the Scummvm-git-logs
mailing list