[Scummvm-git-logs] scummvm master -> 145bdc88c93a868f27ee796ed461065326d8cb58

Thu Jan 23 11:21:31 UTC 2020

This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
67263c560c DIRECTOR: LINGO: Add seek size checks to bytecode parser
145bdc88c9 DIRECTOR: LINGO: Only load Lnam with the highest ID


Commit: 67263c560c2808c8e02fc3361d82a03ad3408f0f
    https://github.com/scummvm/scummvm/commit/67263c560c2808c8e02fc3361d82a03ad3408f0f
Author: Scott Percival (code at moral.net.au)
Date: 2020-01-23T18:46:47+08:00

Commit Message:
DIRECTOR: LINGO: Add seek size checks to bytecode parser

Changed paths:
    engines/director/lingo/lingo-bytecode.cpp

diff --git a/engines/director/lingo/lingo-bytecode.cpp b/engines/director/lingo/lingo-bytecode.cpp
index 9627931..0e376c8 100644
--- a/engines/director/lingo/lingo-bytecode.cpp
+++ b/engines/director/lingo/lingo-bytecode.cpp
@@ -553,6 +553,11 @@ void Lingo::addCodeV4(Common::SeekableSubReadStreamEndian &stream, ScriptType ty
 	_currentEntityId = id;
 	_scriptContexts[type][id] = _currentScriptContext;
 
+	if (stream.size() < 0x5c) {
+		warning("Lscr header too small");
+		return;
+	}
+
 	if (debugChannelSet(5, kDebugLoading)) {
 		debugC(5, kDebugLoading, "Lscr header:");
 		stream.hexdump(0x5c);
@@ -586,6 +591,11 @@ void Lingo::addCodeV4(Common::SeekableSubReadStreamEndian &stream, ScriptType ty
 	/*uint16 constsBase = */stream.readUint16();
 
 	// initialise each global variable
+	if (stream.size() < globalsOffset + globalsCount * 2) {
+		warning("Lscr globals store missing");
+		return;
+	}
+
 	debugC(5, kDebugLoading, "Lscr globals list:");
 	stream.seek(globalsOffset);
 	for (uint16 i = 0; i < globalsCount; i++) {
@@ -605,6 +615,12 @@ void Lingo::addCodeV4(Common::SeekableSubReadStreamEndian &stream, ScriptType ty
 	// copy the storage area first.
 	uint32 constsStoreOffset = constsOffset + 6 * constsCount;
 	uint32 constsStoreSize = stream.size() - constsStoreOffset;
+
+	if ((uint32)stream.size() < constsStoreOffset) {
+		warning("Lscr consts store missing");
+		return;
+	}
+
 	stream.seek(constsStoreOffset);
 
 	if (debugChannelSet(5, kDebugLoading)) {
@@ -687,6 +703,11 @@ void Lingo::addCodeV4(Common::SeekableSubReadStreamEndian &stream, ScriptType ty
 	// these are stored as a code storage area, followed by a reference table of 42 byte entries.
 
 	// copy the storage area first.
+	if (stream.size() < functionsOffset) {
+		warning("Lscr functions store missing");
+		return;
+	}
+
 	uint32 codeStoreSize = functionsOffset - codeStoreOffset;
 	stream.seek(codeStoreOffset);
 	byte *codeStore = (byte *)malloc(codeStoreSize);
@@ -900,6 +921,11 @@ void Lingo::addCodeV4(Common::SeekableSubReadStreamEndian &stream, ScriptType ty
 void Lingo::addNamesV4(Common::SeekableSubReadStreamEndian &stream) {
 	debugC(1, kDebugLingoCompile, "Add V4 script name index");
 
+	if (stream.size() < 0x14) {
+		warning("Lnam header too small");
+		return;
+	}
+
 	// read the Lnam header!
 	if (debugChannelSet(5, kDebugLoading)) {
 		debugC(5, kDebugLoading, "Lnam header:");
@@ -917,6 +943,11 @@ void Lingo::addNamesV4(Common::SeekableSubReadStreamEndian &stream) {
 	uint16 offset = stream.readUint16();
 	uint16 count = stream.readUint16();
 
+	if (stream.size() < offset) {
+		warning("Lnam content missing");
+		return;
+	}
+
 	stream.seek(offset);
 
 	_namelist.clear();


Commit: 145bdc88c93a868f27ee796ed461065326d8cb58
    https://github.com/scummvm/scummvm/commit/145bdc88c93a868f27ee796ed461065326d8cb58
Author: Scott Percival (code at moral.net.au)
Date: 2020-01-23T19:20:15+08:00

Commit Message:
DIRECTOR: LINGO: Only load Lnam with the highest ID

Changed paths:
    engines/director/score.cpp


diff --git a/engines/director/score.cpp b/engines/director/score.cpp
index c001782..5051f9d 100644
--- a/engines/director/score.cpp
+++ b/engines/director/score.cpp
@@ -204,11 +204,13 @@ void Score::loadArchive() {
 	if (_vm->getVersion() >= 4) {
 		Common::Array<uint16> lnam =  _movieArchive->getResourceIDList(MKTAG('L','n','a','m'));
 		if (lnam.size() > 0) {
-			debugC(2, kDebugLoading, "****** Loading %d Lnam resources", lnam.size());
 
+			int maxLnam = -1;
 			for (Common::Array<uint16>::iterator iterator = lnam.begin(); iterator != lnam.end(); ++iterator) {
-				loadLingoNames(*_movieArchive->getResource(MKTAG('L','n','a','m'), *iterator));
+				maxLnam = MAX(maxLnam, (int)*iterator);
 			}
+			debugC(2, kDebugLoading, "****** Loading Lnam resource with highest ID (%d)", maxLnam);
+			loadLingoNames(*_movieArchive->getResource(MKTAG('L','n','a','m'), maxLnam));
 		}
 	}
 


