[Scummvm-git-logs] scummvm branch-2-3 -> c741f733a0c6cdc9ccaa8c219b098cc1a445373c

Wed Sep 8 00:14:17 UTC 2021

This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
de03f549ae SUPERNOVA: Fix buffer overflow for two dialogs
c741f733a0 SUPERNOVA: Fix use-after-free bug when dying


Commit: de03f549aea5056463cea6d30b392e1222b23734
    https://github.com/scummvm/scummvm/commit/de03f549aea5056463cea6d30b392e1222b23734
Author: Thierry Crozat (criezy at scummvm.org)
Date: 2021-09-08T01:08:30+01:00

Commit Message:
SUPERNOVA: Fix buffer overflow for two dialogs

This was partially caused by a bug in the original source code
that was missing a comma between two strings for those two dialogs.
The original did not have a buffer overflow, but was not correctly
displaying the strings.

This fixes bug #12856.

Changed paths:
    devtools/create_supernova/create_supernova.h
    devtools/create_supernova/gametext.h
    devtools/create_supernova/strings2-en.po
    dists/engine-data/supernova.dat
    engines/supernova/supernova.cpp
    engines/supernova/supernova.h
    engines/supernova/supernova2/rooms.cpp
    engines/supernova/supernova2/stringid.h

diff --git a/devtools/create_supernova/create_supernova.h b/devtools/create_supernova/create_supernova.h
index 858395caea..bd1aa1f1d5 100644
--- a/devtools/create_supernova/create_supernova.h
+++ b/devtools/create_supernova/create_supernova.h
@@ -26,7 +26,7 @@
 #ifndef CREATE_SUPERNOVA_H
 #define CREATE_SUPERNOVA_H
 
-#define VERSION 3
+#define VERSION 4
 
 
 
diff --git a/devtools/create_supernova/gametext.h b/devtools/create_supernova/gametext.h
index e5dc866de4..9624665805 100644
--- a/devtools/create_supernova/gametext.h
+++ b/devtools/create_supernova/gametext.h
@@ -1244,7 +1244,7 @@ const char *gameText2[] = {
 	"Sie sind wohl nicht ganz \201ber|die aktuellen Preise informiert!",    //You are probably not completely|informed about the current prices!
 	"Ich bin's, Horst Hummel!",    //It's me, Horst Hummel!
 	"Sch\224nes Wetter heute!",    //Nice weather today!
-	"K\224nnen Sie mir sagen, von wem ich eine Eintrittskarte f\201r den Musikwettbewerb kriegen kann?",    //Can you tell me who can get me a ticket for the music contest?
+	"",    //unused
 	// 345
 	"Ok, hier haben Sie den Xa.",    //OK, here is the Xa.
 	"Ich biete Ihnen 500 Xa.",    //I offer you 500 Xa.
@@ -1397,7 +1397,7 @@ const char *gameText2[] = {
 	"\216h - k\224nnten Sie mir das Ganze nochmal erkl\204ren?",    //Uh - could you explain that to me again?
 	// 470
 	"Wie gro\341 ist mein Anteil?",    //How big is my share?
-	"Machen Sie es immer so, da\341 Sie Ihre Komplizen \201ber ein Graffitti anwerben?",    //Do you always use graffiti to recruit your accomplices?
+	"",    //unused
 	"Hmm, Moment mal, ich frage den Boss.",    //Hmm wait, I will ask the boss.
 	"Kurze Zeit sp\204ter ...",    //A short while later ...
 	"Ok, der Boss will dich sprechen.",    //OK, the boss wants to talk to you.
@@ -1582,7 +1582,11 @@ const char *gameText2[] = {
 	"Sieht gef\204hrlich aus!", //Looks dangerous
 	"Das Auge ist schon offen.", //This Eye is already opened
 	// 625
-	"Es gelingt dir, zu fliehen.", //You manage to escape
+	"Es gelingt dir, zu fliehen.", //You manage to escape,
+	"K\224nnen Sie mir sagen, von wem ich eine Eintrittskarte", //Can you tell me who can get me a ticket for
+	"f\201r den Musikwettbewerb kriegen kann?",    //the music contest?
+	"Machen Sie es immer so, da\341 Sie Ihre Komplizen \201ber", //Do you always use graffiti to recruit
+	"ein Graffitti anwerben?",    //your accomplices?
 	NULL
 };
 
diff --git a/devtools/create_supernova/strings2-en.po b/devtools/create_supernova/strings2-en.po
index 4efa277a04..6b3321bbb4 100644
--- a/devtools/create_supernova/strings2-en.po
+++ b/devtools/create_supernova/strings2-en.po
@@ -7,16 +7,17 @@ msgid ""
 msgstr ""
 "Project-Id-Version: Mission Supernova Part 2 1.0\n"
 "Report-Msgid-Bugs-To: scummvm-devel at lists.scummvm.org\n"
-"POT-Creation-Date: 2019-06-13 00:06+0100\n"
-"PO-Revision-Date: 2019-09-13 00:00+0000\n"
+"POT-Creation-Date: 2021-09-07 21:01+0100\n"
+"PO-Revision-Date: 2021-09-07 20:12+0000\n"
 "Last-Translator: Thierry Crozat <criezy at scummvm.org>\n"
-"Language-Team: none\n"
+"Language-Team: English <https://translations.scummvm.org/projects/"
+"mission-supernova/ms2/en/>\n"
 "Language: en\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Weblate 3.7.1\n"
+"X-Generator: Weblate 4.4\n"
 
 #: ../../ms2/ms2.c:1641
 msgid "Gehe"
@@ -1022,8 +1023,8 @@ msgid ""
 "An der Wand steht:|\"Ich kenne eine tolle Geheimschrift:|A=Z, B=Y, C=X ...|"
 "0=0, 1=9, 2=8 ...\""
 msgstr ""
-"Something is written on the wall:|\"I know a great cipher:|A=Z, B=Y, C=X "
-"...|0=0, 1=9, 2=8 ...\""
+"Something is written on the wall:|\"I know a great cipher:|A=Z, B=Y, C=X ...|"
+"0=0, 1=9, 2=8 ...\""
 
 #: ../../ms2/ms2_r1.c:657
 msgid "Ok, ich nehme es."
@@ -1488,10 +1489,12 @@ msgid "Sch
 msgstr "Nice weather today!"
 
 #: ../../ms2/ms2_r2.c:49
-msgid ""
-"K”nnen Sie mir sagen, von wem ich eine Eintrittskarte fr den "
-"Musikwettbewerb kriegen kann?"
-msgstr "Can you tell me who can get me a ticket for the music contest?"
+msgid "K”nnen Sie mir sagen, von wem ich eine Eintrittskarte"
+msgstr "Can you tell me who can get me a ticket for"
+
+#: ../../ms2/ms2_r2.c:50
+msgid "fr den Musikwettbewerb kriegen kann?"
+msgstr "the music contest?"
 
 #: ../../ms2/ms2_r2.c:55
 msgid "Ok, hier haben Sie den Xa."
@@ -2063,9 +2066,12 @@ msgid "Wie gro
 msgstr "How big is my share?"
 
 #: ../../ms2/ms2_r2.c:695
-msgid ""
-"Machen Sie es immer so, daá Sie Ihre Komplizen ber ein Graffitti anwerben?"
-msgstr "Do you always use graffiti to recruit your accomplices?"
+msgid "Machen Sie es immer so, daá Sie Ihre Komplizen ber"
+msgstr "Do you always use graffiti to recruit your"
+
+#: ../../ms2/ms2_r2.c:696
+msgid "ein Graffitti anwerben?"
+msgstr "accomplices?"
 
 #: ../../ms2/ms2_r2.c:722
 msgid "Hmm, Moment mal, ich frage den Boss."
diff --git a/dists/engine-data/supernova.dat b/dists/engine-data/supernova.dat
index 74f0b66dba..037ae4b3b9 100644
Binary files a/dists/engine-data/supernova.dat and b/dists/engine-data/supernova.dat differ
diff --git a/engines/supernova/supernova.cpp b/engines/supernova/supernova.cpp
index d981efdd4b..4383709bc6 100644
--- a/engines/supernova/supernova.cpp
+++ b/engines/supernova/supernova.cpp
@@ -194,6 +194,7 @@ Common::Error SupernovaEngine::loadGameStrings() {
 		_gameStrings.push_back(s);
 		size -= s.size() + 1;
 	}
+
 	return Common::kNoError;
 }
 
diff --git a/engines/supernova/supernova.h b/engines/supernova/supernova.h
index 0be51cc511..9895bfc871 100644
--- a/engines/supernova/supernova.h
+++ b/engines/supernova/supernova.h
@@ -49,7 +49,7 @@ namespace Supernova {
 #define SAVEGAME_VERSION 10
 
 #define SUPERNOVA_DAT "supernova.dat"
-#define SUPERNOVA_DAT_VERSION 3
+#define SUPERNOVA_DAT_VERSION 4
 
 class GuiElement;
 class ResourceManager;
diff --git a/engines/supernova/supernova2/rooms.cpp b/engines/supernova/supernova2/rooms.cpp
index bbbc5f9f8f..e5890801d8 100644
--- a/engines/supernova/supernova2/rooms.cpp
+++ b/engines/supernova/supernova2/rooms.cpp
@@ -836,10 +836,11 @@ void CulturePalace::notEnoughMoney() {
 }
 
 bool CulturePalace::interact(Action verb, Object &obj1, Object &obj2) {
-	static int dial1[3] = {
+	static int dial1[4] = {
 		kStringHorstHummel,
 		kStringNiceWeather,
-		kStringTellTicket,
+		kStringTellTicket1,
+		kStringTellTicket2
 	};
 	static byte dials1[] = {1, 1, 2};
 
@@ -1721,12 +1722,14 @@ bool Elevator2::interact(Action verb, Object &obj1, Object &obj2) {
 }
 
 void Elevator2::jobDescription() {
-	static int dialBoss2[3] = {
+	static int dialBoss2[5] = {
 		kStringElevator8,
 		kStringElevator9,
-		kStringElevator10
+		kStringElevator10a,
+		kStringElevator10b,
+		kStringNo2
 	};
-	byte dialsBoss2[4] = {1,1,1,1};
+	byte dialsBoss2[4] = {1,1,2,1};
 
 	_gm->reply(kStringElevator29, 1, 1 + kSectionInvert);
 	_gm->reply(kStringElevator30, 1, 1 + kSectionInvert);
diff --git a/engines/supernova/supernova2/stringid.h b/engines/supernova/supernova2/stringid.h
index 5fa60a5228..9101607cfc 100644
--- a/engines/supernova/supernova2/stringid.h
+++ b/engines/supernova/supernova2/stringid.h
@@ -101,7 +101,7 @@ enum StringId2 {
 	kStringFaceDescription, kStringBooks, kStringDictionary, kStringPlant, kStringMask,
 	kStringSnake, kStringCup, kStringJoystick, kStringToothbrushDescription, kStringMusic,
 	kStringMusicDescription, kStringBottle, kStringBottleDescription, kStringBox, kStringSeller,
-	kStringWhat, kStringNotInformed, kStringHorstHummel, kStringNiceWeather, kStringTellTicket,
+	kStringWhat, kStringNotInformed, kStringHorstHummel, kStringNiceWeather, kUnused1,
 	kStringHereIsXa, kString500Xa, kString1000Xa, kString5000Xa, kString10000Xa,
 	// 350
 	kStringThankYou, kStringWhatYouOffer, kStringHello2, kStringWhatYouWant, kStringWhoAreYou,
@@ -132,7 +132,7 @@ enum StringId2 {
 	kStringAppearance25, kStringAppearance26, kStringAppearance27, kStringAppearance28, kStringAppearance29,
 	kStringAppearance30, kStringAppearance31, kStringElevator1, kStringElevator2, kStringElevator3,
 	kStringElevator4, kStringElevator5, kStringElevator6, kStringElevator7, kStringElevator8,
-	kStringElevator9, kStringElevator10, kStringElevator11, kStringElevator12, kStringElevator13,
+	kStringElevator9, kUnused2, kStringElevator11, kStringElevator12, kStringElevator13,
 	// 475
 	kStringElevator14, kStringElevator15, kStringElevator16, kStringElevator17, kStringElevator18,
 	kStringElevator19, kStringElevator20, kStringElevator21, kStringElevator22, kStringElevator23,
@@ -170,7 +170,7 @@ enum StringId2 {
 	kStringIntroTV15, kStringIntroTV16, kStringIntro9, kStringIntro10, kStringIntro11,
 	kStringIntro12, kStringIntro13, kStringIntro14, kStringMonsterDescription, kStringPyramid16,
 	// 625
-	kStringMuseum11
+	kStringMuseum11, kStringTellTicket1, kStringTellTicket2, kStringElevator10a, kStringElevator10b
 };
 }
 


Commit: c741f733a0c6cdc9ccaa8c219b098cc1a445373c
    https://github.com/scummvm/scummvm/commit/c741f733a0c6cdc9ccaa8c219b098cc1a445373c
Author: Thierry Crozat (criezy at scummvm.org)
Date: 2021-09-08T01:08:41+01:00

Commit Message:
SUPERNOVA: Fix use-after-free bug when dying

Since the inventory contains pointers to objects from the rooms, we
need to clear the inventory before we destroy the rooms and not after!

Changed paths:
    engines/supernova/game-manager.cpp


diff --git a/engines/supernova/game-manager.cpp b/engines/supernova/game-manager.cpp
index 2c8eba5772..740b3c49ff 100644
--- a/engines/supernova/game-manager.cpp
+++ b/engines/supernova/game-manager.cpp
@@ -947,6 +947,7 @@ void GameManager::dead(int messageId) {
 	_vm->paletteFadeOut();
 	_vm->removeMessage();
 
+	_inventory.clear();
 	destroyRooms();
 	initRooms();
 	initState();
@@ -955,7 +956,6 @@ void GameManager::dead(int messageId) {
 	else if (_vm->_MSPart == 2)
 		changeRoom(AIRPORT);
 	initGui();
-	_inventory.clear();
 	g_system->fillScreen(kColorBlack);
 	_vm->paletteFadeIn();
 


