[Scummvm-git-logs] scummvm master -> 8bac8836b11f12b837eb88327d183103fb866c89

[wjp]

This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
8bac8836b1 SCI: Fix up readString writing into too small buffer


Commit: 8bac8836b11f12b837eb88327d183103fb866c89
    https://github.com/scummvm/scummvm/commit/8bac8836b11f12b837eb88327d183103fb866c89
Author: Willem Jan Palenstijn (wjp at usecode.org)
Date: 2017-02-27T16:02:20+01:00

Commit Message:
SCI: Fix up readString writing into too small buffer

This fixes QfG4 character import, which specifies a size of 52 for a
buffer of size 40.

Changed paths:
    engines/sci/engine/kfile.cpp


diff --git a/engines/sci/engine/kfile.cpp b/engines/sci/engine/kfile.cpp
index 25483b6..6f9aa0d 100644
--- a/engines/sci/engine/kfile.cpp
+++ b/engines/sci/engine/kfile.cpp
@@ -627,6 +627,21 @@ reg_t kFileIOReadString(EngineState *s, int argc, reg_t *argv) {
 
 	bytesRead = fgets_wrapper(s, buf, maxsize, handle);
 
+	// Fix up size too large for destination.
+	SegmentRef dest_r = s->_segMan->dereference(argv[0]);
+	if (!dest_r.isValid()) {
+		error("kFileIO(readString): invalid destination %04x:%04x", PRINT_REG(argv[0]));
+	} else if ((int)bytesRead > dest_r.maxSize) {
+		error("kFileIO(readString) attempting to read %u bytes into buffer of size %u", bytesRead, dest_r.maxSize);
+	} else if (maxsize > dest_r.maxSize) {
+		// This happens at least in the QfG4 character import.
+		// CHECKME: We zero the remainder of the dest buffer, while
+		// at least several (and maybe all) SSCI interpreters didn't do this.
+		// Therefore this warning is presumably no problem.
+		warning("kFileIO(readString) attempting to copy %u bytes into buffer of size %u (%u/%u bytes actually read)", maxsize, dest_r.maxSize, bytesRead, maxsize);
+		maxsize = dest_r.maxSize;
+	}
+
 	s->_segMan->memcpy(argv[0], (const byte*)buf, maxsize);
 	delete[] buf;
 	return bytesRead ? argv[0] : NULL_REG;