[Scummvm-git-logs] scummvm master -> e27d1ae1607412bb3956a2718a614497b94781bc

bluegr noreply at scummvm.org
Fri Dec 16 10:44:01 UTC 2022


This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
e27d1ae160 GLK: SCOTT: Fix out-of-bounds write


Commit: e27d1ae1607412bb3956a2718a614497b94781bc
    https://github.com/scummvm/scummvm/commit/e27d1ae1607412bb3956a2718a614497b94781bc
Author: angstsmurf (ignalina at me.com)
Date: 2022-12-16T12:43:56+02:00

Commit Message:
GLK: SCOTT: Fix out-of-bounds write

If nv or nn (number of verbs or number of nouns) is equal to or larger than the number
of words + 2, this loop will try to write out of bounds and assert. This happens for
example in the C64 version of The Golden Baton.

To fix this, it is really enough to change the >= operator to >, but I took the opportunity
to simplify the code a bit as well.

Changed paths:
    engines/glk/scott/resource.cpp


diff --git a/engines/glk/scott/resource.cpp b/engines/glk/scott/resource.cpp
index 2e435f272f6..617d0739d31 100644
--- a/engines/glk/scott/resource.cpp
+++ b/engines/glk/scott/resource.cpp
@@ -105,12 +105,9 @@ uint8_t *readDictionary(GameInfo info, uint8_t **pointer, int loud) {
 	int nv = info._numberOfVerbs;
 	int nn = info._numberOfNouns;
 
-	for (int i = 0; i <= MAX(nv, nw) - nv; i++) {
-		_G(_verbs)[nv + i] = ".\0";
-	}
-
-	for (int i = 0; i <= MAX(nn, nw) - nn; i++) {
-		_G(_nouns)[nn + i] = ".\0";
+	for (int i = 0; i < nw + 2; i++) {
+		_G(_verbs)[i] = ".";
+		_G(_nouns)[i] = ".";
 	}
 
 	do {




More information about the Scummvm-git-logs mailing list