[Scummvm-git-logs] scummvm master -> dec12f5b6dca67e5d6f47579bfee5ef2d1ab7ed3

csnover csnover at users.noreply.github.com
Sun May 14 06:46:12 CEST 2017


This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
444b11b1bb SCI: Fix access violation reading Hoyle1 vocabulary
dec12f5b6d SCI: Guard against potential stack overflow in vocab word parser


Commit: 444b11b1bb7cc01cc26cdd61247eda536c2cb7d5
    https://github.com/scummvm/scummvm/commit/444b11b1bb7cc01cc26cdd61247eda536c2cb7d5
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-05-13T23:45:59-05:00

Commit Message:
SCI: Fix access violation reading Hoyle1 vocabulary

The vocab file for this game does not seem to be valid (other
utilities like SV cannot parse it either), and this game does not
seem to need the parser, so just exit early like the SCI1 branch
when unexpectedly running out of bytes in the vocab file.

Fixes Trac#9765.

Changed paths:
    engines/sci/parser/vocabulary.cpp


diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp
index 1f062c6..3989f20 100644
--- a/engines/sci/parser/vocabulary.cpp
+++ b/engines/sci/parser/vocabulary.cpp
@@ -153,11 +153,20 @@ bool Vocabulary::loadParserWords() {
 			}
 		} else {
 			do {
+				if (seeker == resource->size()) {
+					warning("SCI0: Vocabulary not usable, disabling");
+					return false;
+				}
 				c = resource->getUint8At(seeker++);
 				currentWord[currentWordPos++] = c & 0x7f; // 0x80 is used to terminate the string
 			} while (c < 0x80);
 		}
 
+		if (seeker == resource->size()) {
+			warning("Vocabulary not usable, disabling");
+			return false;
+		}
+
 		currentWord[currentWordPos] = 0;
 
 		// Now decode class and group:
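Review bot: Both new end-of-data checks test `seeker == resource->size()`, which only catches the case where exactly zero bytes remain. For the check added just before "Now decode class and group": if that decoding reads more than one byte, a file that ends one or two bytes after the word still reads past the end of the resource. Compare against the number of bytes the decode needs (for example `seeker + N > resource->size()`, with N standing for the decoded length), and use `>=` rather than `==` in the loop check so that a seeker which has already overshot is also rejected. Separately, the SCI0 `do` loop still writes `currentWord[currentWordPos++]` with no limit on `currentWordPos`, so a vocab resource with a long run of bytes below 0x80 can overrun `currentWord` before the size check fires.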


Commit: dec12f5b6dca67e5d6f47579bfee5ef2d1ab7ed3
    https://github.com/scummvm/scummvm/commit/dec12f5b6dca67e5d6f47579bfee5ef2d1ab7ed3
Author: Colin Snover (github.com at zetafleet.com)
Date: 2017-05-13T23:45:59-05:00

Commit Message:
SCI: Guard against potential stack overflow in vocab word parser

Changed paths:
    engines/sci/parser/vocabulary.cpp


diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp
index 3989f20..2642b6b 100644
--- a/engines/sci/parser/vocabulary.cpp
+++ b/engines/sci/parser/vocabulary.cpp
@@ -142,7 +142,7 @@ bool Vocabulary::loadParserWords() {
 
 		if (resourceType == kVocabularySCI1) {
 			c = 1;
-			while (seeker < resource->size() && currentWordPos < 255 && c) {
+			while (seeker < resource->size() && currentWordPos < ARRAYSIZE(currentWord) - 1 && c) {
 				c = resource->getUint8At(seeker++);
 				currentWord[currentWordPos++] = c;
 			}
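Review bot: In the SCI1 `while` condition, when the loop stops because `currentWordPos` reached `ARRAYSIZE(currentWord) - 1` rather than because `c` became 0, the over-long word is truncated silently and `seeker` is left in the middle of it, so everything decoded after this point is misaligned. Treat it as the unusable-vocabulary case: after the loop, if `c` is still non-zero, warn and `return false`. Depending on the declared type of `currentWordPos`, the comparison against `ARRAYSIZE(...)` may also be signed against unsigned, which is worth checking for a compiler warning.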
@@ -158,6 +158,7 @@ bool Vocabulary::loadParserWords() {
 					return false;
 				}
 				c = resource->getUint8At(seeker++);
+				assert(currentWordPos < ARRAYSIZE(currentWord) - 1);
 				currentWord[currentWordPos++] = c & 0x7f; // 0x80 is used to terminate the string
 			} while (c < 0x80);
 		}
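Review bot: The `assert` added before the `currentWord[currentWordPos++]` write guards against malformed file content, which is input rather than a programming invariant. It aborts the whole program on a bad vocab resource and gives no protection in any build where assertions are compiled out. The end-of-data check a few lines above already handles bad data with a warning and `return false`; do the same here with an `if (currentWordPos >= ARRAYSIZE(currentWord) - 1)` test placed before the write.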




