[Scummvm-git-logs] scummvm master -> fc024141b7875bbc030d313066d01741c879e97d
criezy
criezy at scummvm.org
Wed Jul 21 21:30:50 UTC 2021
This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
fc024141b7 CGE2: Fix heap buffer overflow
Commit: fc024141b7875bbc030d313066d01741c879e97d
https://github.com/scummvm/scummvm/commit/fc024141b7875bbc030d313066d01741c879e97d
Author: Thierry Crozat (criezy at scummvm.org)
Date: 2021-07-21T22:30:37+01:00
Commit Message:
CGE2: Fix heap buffer overflow
This was reported by address-sanitizer.
When the command is kCmdGhost, the Sprite pointer is not a valid
sprite, and trying to access its content causes a buffer overflow.
In normal usage it was not causing issues as while it reads some
random values in memory, this was then ignored.
Changed paths:
engines/cge2/snail.cpp
diff --git a/engines/cge2/snail.cpp b/engines/cge2/snail.cpp
index ce05d763e6..eb95b9cd52 100644
--- a/engines/cge2/snail.cpp
+++ b/engines/cge2/snail.cpp
@@ -103,7 +103,7 @@ void CommandHandler::runCommand() {
spr = (tailCmd._ref < 0) ? ((Sprite *)tailCmd._spritePtr) : _vm->locate(tailCmd._ref);
Common::String sprStr;
- if (spr && *spr->_file && (tailCmd._commandType != kCmdGhost))
+ if (tailCmd._commandType != kCmdGhost && spr && *spr->_file)
// In case of kCmdGhost _spritePtr stores a pointer to a Bitmap, not to a Sprite...
sprStr = Common::String(spr->_file);
else
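Review bot: the reordered test in `if (tailCmd._commandType != kCmdGhost && spr && *spr->_file)` removes this one invalid read, but `spr` is still assigned from `(Sprite *)tailCmd._spritePtr` in the context line above, so for kCmdGhost it stays a non-null pointer to a Bitmap typed as `Sprite *`. Safety now depends on the short-circuit order of this one condition, and any other use of `spr` in runCommand() outside this hunk would have to repeat the same check. Consider leaving `spr` null when the command type is kCmdGhost, or skipping the cast in that case, so the wrong-typed pointer never exists. The explanatory comment also sits between the `if` and its unbraced body; moving it above the `if` would make clear that it explains the ordering of the condition.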