[Scummvm-git-logs] scummvm branch-2-2 -> 990a52cc589e4555ada37848f29e700395b3a578
athrxx
athrxx at scummvm.org
Sat Nov 7 19:10:25 UTC 2020
This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
85866382c4 KYRA: Fix crash in Siberian Goblin translation of HoF (#2609)
990a52cc58 SCUMM: (MI1/SegaCD/JP) - fix bug 11943
Commit: 85866382c4e90c57a6903d20bb1eb46121146953
https://github.com/scummvm/scummvm/commit/85866382c4e90c57a6903d20bb1eb46121146953
Author: Vladimir Serbinenko (phcoder at google.com)
Date: 2020-11-07T20:07:18+01:00
Commit Message:
KYRA: Fix crash in Siberian Goblin translation of HoF (#2609)
* KYRA: don't attempt to execute functions out of bounds
This fixes a crash in the Siberian Goblin translation of HoF on the scarecrow scene
* KYRA: Add sanity check not to execute out of bounds
Changed paths:
engines/kyra/script/script.cpp
engines/kyra/script/script.h
diff --git a/engines/kyra/script/script.cpp b/engines/kyra/script/script.cpp
index 27c9643034..b53de0475a 100644
--- a/engines/kyra/script/script.cpp
+++ b/engines/kyra/script/script.cpp
@@ -70,6 +70,7 @@ bool EMCInterpreter::callback(Common::IFFChunk &chunk) {
case MKTAG('O','R','D','R'):
_scriptData->ordr = new uint16[chunk._size >> 1];
+ _scriptData->ordrSize = chunk._size;
assert(_scriptData->ordr);
if (chunk._stream->read(_scriptData->ordr, chunk._size) != chunk._size)
error("Couldn't read ORDR chunk from file '%s'", _filename);
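Review bot: The allocation `_scriptData->ordr = new uint16[chunk._size >> 1]` holds only `chunk._size & ~1` bytes, yet the read two lines below copies the full `chunk._size` bytes, so an ORDR chunk whose size field in the file is odd overruns the buffer by one byte; recording `ordrSize` does not change that. Chunk sizes come straight from the script file, so reject the odd case before allocating: `if (chunk._size & 1) error("Odd ORDR chunk size in file '%s'", _filename);`. The same pattern is present in the DATA case of this switch. The enclosing callback() switch starts and ends outside this hunk.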
@@ -80,6 +81,7 @@ bool EMCInterpreter::callback(Common::IFFChunk &chunk) {
case MKTAG('D','A','T','A'):
_scriptData->data = new uint16[chunk._size >> 1];
+ _scriptData->dataSize = chunk._size;
assert(_scriptData->data);
if (chunk._stream->read(_scriptData->data, chunk._size) != chunk._size)
error("Couldn't read DATA chunk from file '%s'", _filename);
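Review bot: `dataSize` now records `chunk._size` in bytes while the buffer on the line above holds `chunk._size >> 1` words, so for an odd chunk size the read of `chunk._size` bytes writes one byte past the allocation and the byte-based checks in start() and run() are measured against a length the buffer does not have. Rejecting the inconsistent input keeps the two in agreement: `if (chunk._size & 1) error("Odd DATA chunk size in file '%s'", _filename);` before the `new`. The enclosing callback() switch starts and ends outside this hunk.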
@@ -156,6 +158,9 @@ bool EMCInterpreter::start(EMCState *script, int function) {
if (!script->dataPtr)
return false;
+ if (function >= (int) script->dataPtr->ordrSize / 2 || function < 0)
+ return false;
+
uint16 functionOffset = script->dataPtr->ordr[function];
if (functionOffset == 0xFFFF)
return false;
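Review bot: The bounds test `function >= (int) script->dataPtr->ordrSize / 2` narrows a `uint32` chunk length with a C-style cast before dividing; since `function < 0` is rejected in the same condition, the comparison can be done unsigned instead: `if (function < 0 || (uint32)function >= script->dataPtr->ordrSize / 2) return false;`. The guard also relies on `ordrSize` being zero when no ORDR chunk was loaded — presumably EMCData is zeroed before loading, but that initialization is not in this diff, and an uninitialized size would make the check meaningless. start() begins outside this hunk.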
@@ -166,6 +171,8 @@ bool EMCInterpreter::start(EMCState *script, int function) {
else
script->ip = &script->dataPtr->data[functionOffset];
} else {
+ if (functionOffset+1 >= (int) script->dataPtr->dataSize / 2)
+ return false;
script->ip = &script->dataPtr->data[functionOffset+1];
}
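Review bot: Only the outer `else` branch gets the new offset check; the inner `else` two lines above still does `script->ip = &script->dataPtr->data[functionOffset];` from an unchecked `functionOffset`, so a bad ORDR entry on that path is only caught later in run(), which aborts via error() rather than returning false like the other cases here. Guard that branch the same way, `if (functionOffset >= script->dataPtr->dataSize / 2) return false;` before the assignment, or hoist a single check ahead of the if/else. With the comparison done in `uint32` the `(int)` cast on `dataSize` is not needed. start() begins outside this hunk.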
@@ -187,6 +194,10 @@ bool EMCInterpreter::run(EMCState *script) {
// Should be no Problem at all to cast to uint32 here, since that's the biggest ptrdiff the original
// would allow, of course that's not realistic to happen to be somewhere near the limit of uint32 anyway.
const uint32 instOffset = (uint32)((const byte *)script->ip - (const byte *)script->dataPtr->data);
+ if ((int32)instOffset < 0 || instOffset >= script->dataPtr->dataSize) {
+ error("Attempt to execute out of bounds: 0x%.08X out of 0x%.08X",
+ instOffset, script->dataPtr->dataSize);
+ }
int16 code = *script->ip++;
int16 opcode = (code >> 8) & 0x1F;
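Review bot: The new guard `instOffset >= script->dataPtr->dataSize` only proves the first byte of the instruction lies inside the chunk, but the fetch `int16 code = *script->ip++;` reads two bytes, and if the opcode decoding that follows (outside this hunk) pulls a parameter word with another `*script->ip++`, that read is not covered at all. Make the bound account for the word width, `if ((int32)instOffset < 0 || instOffset + sizeof(uint16) > script->dataPtr->dataSize)`, and apply the same test before any immediate-operand read. Note also that this path halts the engine with error() where start() quietly returns false on the same kind of corruption; a one-line comment stating that the abort is intentional would save the next reader from "fixing" it. run() continues past this hunk.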
diff --git a/engines/kyra/script/script.h b/engines/kyra/script/script.h
index 12a44b0a03..73f14b3f5c 100644
--- a/engines/kyra/script/script.h
+++ b/engines/kyra/script/script.h
@@ -38,8 +38,9 @@ struct EMCData {
byte *text;
uint16 *data;
+ uint32 ordrSize;
uint16 *ordr;
- uint16 dataSize;
+ uint32 dataSize;
const Common::Array<const Opcode *> *sysFuncs;
};
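Review bot: `ordrSize` and `dataSize` are both assigned `chunk._size` in callback(), i.e. they hold byte lengths, yet every consumer either divides by two or compares a byte offset, which is easy to get wrong without a hint in the struct; document the unit next to each field, e.g. `uint32 ordrSize; // byte length of the ORDR chunk` and `uint32 dataSize; // byte length of the DATA chunk`. Widening `dataSize` from `uint16` is harmless by itself, but if any code outside this diff read the old field as a word count or persisted it, that code needs checking against the new unit.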
Commit: 990a52cc589e4555ada37848f29e700395b3a578
https://github.com/scummvm/scummvm/commit/990a52cc589e4555ada37848f29e700395b3a578
Author: athrxx (athrxx at scummvm.org)
Date: 2020-11-07T20:07:28+01:00
Commit Message:
SCUMM: (MI1/SegaCD/JP) - fix bug 11943
(SCUMM: Invalid text rendering with Monkey Island 1 (SegaCD Japanese))
Only add vs->xstart offset if the font is actually rendered on the vs.
Changed paths:
engines/scumm/charset.cpp
diff --git a/engines/scumm/charset.cpp b/engines/scumm/charset.cpp
index 1f9c5759de..c048807574 100644
--- a/engines/scumm/charset.cpp
+++ b/engines/scumm/charset.cpp
@@ -848,7 +848,7 @@ void CharsetRendererClassic::printCharIntern(bool is2byte, const byte *charPtr,
} else {
Graphics::Surface dstSurface;
Graphics::Surface backSurface;
- if ((ignoreCharsetMask || !vs->hasTwoBuffers)) {
+ if (ignoreCharsetMask || !vs->hasTwoBuffers) {
dstSurface = *vs;
dstPtr = vs->getPixels(_left, drawTop);
} else {
@@ -868,7 +868,7 @@ void CharsetRendererClassic::printCharIntern(bool is2byte, const byte *charPtr,
}
if (is2byte && _vm->_game.platform != Common::kPlatformFMTowns)
- drawBits1(dstSurface, _left + vs->xstart, drawTop, charPtr, drawTop, origWidth, origHeight);
+ drawBits1(dstSurface, (ignoreCharsetMask || !vs->hasTwoBuffers) ? _left + vs->xstart : _left, drawTop, charPtr, drawTop, origWidth, origHeight);
else
drawBitsN(dstSurface, dstPtr, charPtr, *_fontPtr, drawTop, origWidth, origHeight);
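Review bot: The condition `(ignoreCharsetMask || !vs->hasTwoBuffers)` in the new drawBits1 call duplicates the test that selects `dstSurface` earlier in this function, so the two can drift apart on a later edit. Compute it once where dstSurface is chosen, `const bool drawOnVs = ignoreCharsetMask || !vs->hasTwoBuffers;`, and use `drawOnVs ? _left + vs->xstart : _left` here. A short comment on the call, `// vs->xstart only applies when drawing directly onto the virtual screen`, would record the reason the commit message gives. printCharIntern() starts before this hunk.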