[Scummvm-git-logs] scummvm master -> f50b45b5576570e2dfb865bef2cbe4c15a51b4c2

Sat Mar 14 00:23:14 UTC 2020

This automated email contains information about 3 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
117ceb5758 PRINCE: Fix potential buffer overflow
1817cbd6b4 PRINCE: Initialize class variables
f50b45b557 PRINCE: Added sanity check to image decompressor


Commit: 117ceb575832144303e385a14ffdc6f6cb915a59
    https://github.com/scummvm/scummvm/commit/117ceb575832144303e385a14ffdc6f6cb915a59
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2020-03-14T01:22:03+01:00

Commit Message:
PRINCE: Fix potential buffer overflow

Changed paths:
    engines/prince/script.cpp

diff --git a/engines/prince/script.cpp b/engines/prince/script.cpp
index c26b7bb2e3..801f1ae1e2 100644
--- a/engines/prince/script.cpp
+++ b/engines/prince/script.cpp
@@ -1014,7 +1014,7 @@ void Interpreter::O_GETMOBTEXT() {
 	int32 mob = readScriptFlagValue();
 	debugInterpreter("O_GETMOBTEXT mob %d", mob);
 	_currentString = _vm->_locationNr * 100 + mob + 60001;
-	strncpy((char *)_stringBuf, _vm->_mobList[mob]._examText.c_str(), 1024);
+	strncpy((char *)_stringBuf, _vm->_mobList[mob]._examText.c_str(), 1023);
 	_string = _stringBuf;
 }
 
@@ -1831,7 +1831,7 @@ void Interpreter::O_DISABLENAK() {
 void Interpreter::O_GETMOBNAME() {
 	int32 modId = readScriptFlagValue();
 	debugInterpreter("O_GETMOBNAME modId %d", modId);
-	strncpy((char *)_stringBuf, _vm->_mobList[modId]._name.c_str(), 1024);
+	strncpy((char *)_stringBuf, _vm->_mobList[modId]._name.c_str(), 1023);
 	_string = _stringBuf;
 }
 


Commit: 1817cbd6b4c2aa2e6f55920517a70a2039f64146
    https://github.com/scummvm/scummvm/commit/1817cbd6b4c2aa2e6f55920517a70a2039f64146
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2020-03-14T01:22:03+01:00

Commit Message:
PRINCE: Initialize class variables

Changed paths:
    engines/prince/script.cpp


diff --git a/engines/prince/script.cpp b/engines/prince/script.cpp
index 801f1ae1e2..15b1a796bf 100644
--- a/engines/prince/script.cpp
+++ b/engines/prince/script.cpp
@@ -442,6 +442,17 @@ Interpreter::Interpreter(PrinceEngine *vm, Script *script, InterpreterFlags *fla
 	_fgOpcodePC = _script->getStartGameOffset();
 	_bgOpcodePC = 0;
 
+	_currentInstruction = 0;
+	_lastOpcode = 0;
+	_lastInstruction = 0;
+
+	_string = nullptr;
+	_currentString = 0;
+
+	_stringStack.string = nullptr;
+	_stringStack.dialogData = nullptr;
+	_stringStack.currentString = 0;
+
 	memset(_stringBuf, 1, 1024);
 }
 


Commit: f50b45b5576570e2dfb865bef2cbe4c15a51b4c2
    https://github.com/scummvm/scummvm/commit/f50b45b5576570e2dfb865bef2cbe4c15a51b4c2
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2020-03-14T01:22:54+01:00

Commit Message:
PRINCE: Added sanity check to image decompressor

Changed paths:
    engines/prince/decompress.cpp


diff --git a/engines/prince/decompress.cpp b/engines/prince/decompress.cpp
index eda992c093..67f6340f6e 100644
--- a/engines/prince/decompress.cpp
+++ b/engines/prince/decompress.cpp
@@ -150,7 +150,9 @@ void Decompressor::decompress(byte *source, byte *dest, uint32 destSize) {
 			if (_dst >= destEnd) {
 				return;
 			}
-			*_dst = *(_dst - offset);
+
+			if (_dst - offset >= dest)
+				*_dst = *(_dst - offset);
 			_dst++;
 		}
 	}


