[Scummvm-git-logs] scummvm master -> b5241be2480bd90692b18421bba6b0e94065b730
sluicebox
22204938+sluicebox at users.noreply.github.com
Sat Nov 21 08:52:51 UTC 2020
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
b5241be248 SCI: Fix buffer overflow when loading Korean font
Commit: b5241be2480bd90692b18421bba6b0e94065b730
https://github.com/scummvm/scummvm/commit/b5241be2480bd90692b18421bba6b0e94065b730
Author: sluicebox (22204938+sluicebox at users.noreply.github.com)
Date: 2020-11-21T00:51:26-08:00
Commit Message:
SCI: Fix buffer overflow when loading Korean font
Fixes bug #11966
Changed paths:
graphics/korfont.cpp
diff --git a/graphics/korfont.cpp b/graphics/korfont.cpp
index 0a0b4c36e3..0933164eab 100644
--- a/graphics/korfont.cpp
+++ b/graphics/korfont.cpp
@@ -296,6 +296,10 @@ bool FontKoreanSVM::loadData(const char *fontFile) {
uint numChars16x16 = data->readUint16BE();
uint numChars8x16 = data->readUint16BE();
uint numChars8x8 = data->readUint16BE();
+ if (data->err()) {
+ delete data;
+ return false;
+ }
if (_fontWidth == 16) {
_fontData16x16Size = numChars16x16 * 32;
@@ -304,10 +308,12 @@ bool FontKoreanSVM::loadData(const char *fontFile) {
data->read(_fontData16x16, _fontData16x16Size);
_fontData8x16Size = numChars8x16 * 16;
- _fontData8x16 = new uint8[numChars8x16 * 16];
+ _fontData8x16 = new uint8[_fontData8x16Size];
assert(_fontData8x16);
- for (uint i=0; i < _fontData8x16Size; i++)
- data->read(&_fontData8x16[i], 2);
+ for (uint i = 0; i < _fontData8x16Size; ++i) {
+ _fontData8x16[i] = data->readByte();
+ data->skip(1);
+ }
} else {
data->skip(numChars16x16 * 32);
data->skip(numChars8x16 * 32);
More information about the Scummvm-git-logs
mailing list