[Scummvm-git-logs] scummvm master -> a62f7600cbdfd5edbc895d3721fd023cf5e180bb
orgads
noreply at scummvm.org
Tue Nov 16 17:51:16 UTC 2021
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
a62f7600cb GOB: Fix potential stack overflow
Commit: a62f7600cbdfd5edbc895d3721fd023cf5e180bb
https://github.com/scummvm/scummvm/commit/a62f7600cbdfd5edbc895d3721fd023cf5e180bb
Author: Orgad Shaneh (orgads at gmail.com)
Date: 2021-11-16T19:51:12+02:00
Commit Message:
GOB: Fix potential stack overflow
Changed paths:
engines/gob/inter_v2.cpp
diff --git a/engines/gob/inter_v2.cpp b/engines/gob/inter_v2.cpp
index 980866b1ba..222b4d672c 100644
--- a/engines/gob/inter_v2.cpp
+++ b/engines/gob/inter_v2.cpp
@@ -1088,36 +1088,37 @@ void Inter_v2::o2_printText(OpFuncParams ¶ms) {
}
do {
- for (i = 0; (_vm->_game->_script->peekChar() != '.') &&
+ for (i = 0; i < 59 && (_vm->_game->_script->peekChar() != '.') &&
(_vm->_game->_script->peekByte() != 200); i++) {
buf[i] = _vm->_game->_script->readChar();
}
+ const int limit = MAX(60 - i, 0);
if (_vm->_game->_script->peekByte() != 200) {
_vm->_game->_script->skip(1);
switch (_vm->_game->_script->peekByte()) {
case TYPE_VAR_INT8:
case TYPE_ARRAY_INT8:
- sprintf(buf + i, "%d",
+ snprintf(buf + i, limit, "%d",
(int8) READ_VARO_UINT8(_vm->_game->_script->readVarIndex()));
break;
case TYPE_VAR_INT16:
case TYPE_VAR_INT32_AS_INT16:
case TYPE_ARRAY_INT16:
- sprintf(buf + i, "%d",
+ snprintf(buf + i, limit, "%d",
(int16) READ_VARO_UINT16(_vm->_game->_script->readVarIndex()));
break;
case TYPE_VAR_INT32:
case TYPE_ARRAY_INT32:
- sprintf(buf + i, "%d",
+ snprintf(buf + i, limit, "%d",
(int32)VAR_OFFSET(_vm->_game->_script->readVarIndex()));
break;
case TYPE_VAR_STR:
case TYPE_ARRAY_STR:
- sprintf(buf + i, "%s",
+ snprintf(buf + i, limit, "%s",
GET_VARO_STR(_vm->_game->_script->readVarIndex()));
break;
More information about the Scummvm-git-logs
mailing list