[Scummvm-git-logs] scummvm master -> 2eb63a8931c75c190f731ddc532dcc0736492fb6
AndywinXp
noreply at scummvm.org
Sat May 28 08:30:45 UTC 2022
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
2eb63a8931 SCUMM: DiMUSE: Fix possible heap buffer overflow when fetching sound header
Commit: 2eb63a8931c75c190f731ddc532dcc0736492fb6
https://github.com/scummvm/scummvm/commit/2eb63a8931c75c190f731ddc532dcc0736492fb6
Author: AndywinXp (andywinxp at gmail.com)
Date: 2022-05-28T10:30:40+02:00
Commit Message:
SCUMM: DiMUSE: Fix possible heap buffer overflow when fetching sound header
Changed paths:
engines/scumm/imuse_digi/dimuse_dispatch.cpp
diff --git a/engines/scumm/imuse_digi/dimuse_dispatch.cpp b/engines/scumm/imuse_digi/dimuse_dispatch.cpp
index e528737f404..ff0d7be7280 100644
--- a/engines/scumm/imuse_digi/dimuse_dispatch.cpp
+++ b/engines/scumm/imuse_digi/dimuse_dispatch.cpp
@@ -1639,8 +1639,11 @@ int IMuseDigital::dispatchSeekToNextChunk(IMuseDigiDispatch *dispatchPtr) {
}
} else {
soundAddrData = _filesHandler->getSoundAddrData(dispatchPtr->trackPtr->soundId);
- if (soundAddrData) {
- memcpy(_currentVOCHeader, &soundAddrData[dispatchPtr->currentOffset], 0x30);
+ uint32 soundAddrSize = _filesHandler->getSoundAddrDataSize(dispatchPtr->trackPtr->soundId, dispatchPtr->streamPtr != 0);
+ uint32 fetchSize = (soundAddrSize - dispatchPtr->currentOffset) >= 0x30 ? 0x30 : (soundAddrSize - dispatchPtr->currentOffset);
+
+ if (soundAddrData && soundAddrSize > 0) {
+ memcpy(_currentVOCHeader, &soundAddrData[dispatchPtr->currentOffset], fetchSize);
} else {
return -1;
}
More information about the Scummvm-git-logs
mailing list