[Scummvm-git-logs] scummvm master -> e6452538a3af39ef4566bad6216d313e6e519771
dwatteau
noreply at scummvm.org
Thu Sep 29 20:59:58 UTC 2022
This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
e6452538a3 SCUMM: Prevent vm.slot[] OOB access in ScummEngine::startScene()
Commit: e6452538a3af39ef4566bad6216d313e6e519771
https://github.com/scummvm/scummvm/commit/e6452538a3af39ef4566bad6216d313e6e519771
Author: Donovan Watteau (contrib at dwatteau.fr)
Date: 2022-09-29T22:50:23+02:00
Commit Message:
SCUMM: Prevent vm.slot[] OOB access in ScummEngine::startScene()
vm.slot[] only has NUM_SCRIPT_SLOT slots; don't dereference it with
_currentScript when _currentScript has the special 0xFF value (which is
always bigger than NUM_SCRIPT_SLOT). Its content was already unused in
that case, anyway.
Found with UBSan while calling `room 33` in the debugger in MI1.
Changed paths:
engines/scumm/room.cpp
diff --git a/engines/scumm/room.cpp b/engines/scumm/room.cpp
index 0b63b552d2a..b911710fec2 100644
--- a/engines/scumm/room.cpp
+++ b/engines/scumm/room.cpp
@@ -55,9 +55,8 @@ void ScummEngine::startScene(int room, Actor *a, int objectNr) {
fadeOut(_switchRoomEffect2);
_newEffect = _switchRoomEffect;
- ScriptSlot *ss = &vm.slot[_currentScript];
-
if (_currentScript != 0xFF) {
+ ScriptSlot *ss = &vm.slot[_currentScript];
if (ss->where == WIO_ROOM || ss->where == WIO_FLOBJECT) {
if (ss->cutsceneOverride && _game.version >= 5)
error("Object %d stopped with active cutscene/override in exit", ss->number);
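Review bot: the guard that now protects the moved declaration is `_currentScript != 0xFF`, not `_currentScript < NUM_SCRIPT_SLOT`, so correctness rests on the invariant stated in the commit message that 0xFF is the only out-of-range value `_currentScript` ever holds; consider an `assert(_currentScript < NUM_SCRIPT_SLOT);` directly before `ScriptSlot *ss = &vm.slot[_currentScript];` so any other stray index is caught in debug builds rather than silently forming a pointer past the end of `vm.slot[]`. Moving the declaration inside the branch (rather than keeping it outside and only deferring the `ss->where` reads) is the right shape of fix: in C++ merely computing `&vm.slot[_currentScript]` with an index beyond the array is already undefined behaviour, which is why UBSan reported it even though, as the message notes, the pointee was never used on the 0xFF path.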
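Added example, not ScummVM code: the program below models the pre-fix and post-fix shape of the startScene() exit check from the commit above, and generalises the fix into a single bounds-checked accessor so that the sentinel check cannot be forgotten at any call site. The slot count (80), the WIO_* values, the ScriptSlot fields and the sample state are constructed for this demo and are assumptions about, not copies of, the engine's real definitions.

```cpp
// Added example, not ScummVM code. Models the vm.slot[] sentinel bug fixed in
// e6452538a3 and a bounds-checked accessor that generalises the fix.
#include <cstdio>

constexpr unsigned NUM_SCRIPT_SLOT = 80;   // assumed slot count for the demo
constexpr unsigned NO_SCRIPT = 0xFF;       // sentinel: "no script is current"
enum { WIO_ROOM = 1, WIO_FLOBJECT = 4 };   // arbitrary enumerators for the demo

struct ScriptSlot {                        // toy subset of the fields the hunk reads
    int number;
    unsigned char where;
    bool cutsceneOverride;
};

struct VirtualMachineState {
    ScriptSlot slot[NUM_SCRIPT_SLOT];
};

// Pre-fix shape: the address is formed BEFORE the sentinel check. Calling this
// with NO_SCRIPT (0xFF) computes &slot[255] on an 80-element array, which is
// undefined behaviour in C++ even though *ss is never read on that path; this
// is what UBSan reports. Kept only to show the shape; the demo never calls it
// with the sentinel.
int slotNumberUnsafe(VirtualMachineState &vm, unsigned currentScript) {
    ScriptSlot *ss = &vm.slot[currentScript];
    if (currentScript != NO_SCRIPT)
        return ss->number;
    return -1;
}

// Post-fix shape plus a defensive range check: nullptr for the sentinel and
// for any other index that does not fit the array, so no caller can form an
// out-of-range pointer by accident.
ScriptSlot *slotFor(VirtualMachineState &vm, unsigned currentScript) {
    if (currentScript == NO_SCRIPT)
        return nullptr;
    if (currentScript >= NUM_SCRIPT_SLOT) {
        std::fprintf(stderr, "script slot index %u out of range (max %u)\n",
                     currentScript, NUM_SCRIPT_SLOT - 1);
        return nullptr;
    }
    return &vm.slot[currentScript];
}

// The exit check from the hunk rewritten on top of slotFor().
// Returns 0 = nothing to do, 1 = a room/flobject script would be stopped,
//         2 = the "stopped with active cutscene/override" error condition.
int exitCheck(VirtualMachineState &vm, unsigned currentScript, int gameVersion) {
    ScriptSlot *ss = slotFor(vm, currentScript);
    if (!ss)
        return 0;
    if (ss->where == WIO_ROOM || ss->where == WIO_FLOBJECT) {
        if (ss->cutsceneOverride && gameVersion >= 5)
            return 2;
        return 1;
    }
    return 0;
}

// Constructed sample state: every slot zeroed except slot 3, which holds a
// room script with an active cutscene override.
VirtualMachineState demoState() {
    VirtualMachineState vm = {};
    vm.slot[3].number = 42;
    vm.slot[3].where = WIO_ROOM;
    vm.slot[3].cutsceneOverride = true;
    return vm;
}

int main() {
    VirtualMachineState vm = demoState();
    std::printf("sentinel -> %d, slot 3 (v5) -> %d, slot 3 (v4) -> %d, unsafe(3) -> %d\n",
                exitCheck(vm, NO_SCRIPT, 5), exitCheck(vm, 3, 5),
                exitCheck(vm, 3, 4), slotNumberUnsafe(vm, 3));
    return 0;
}
```

Compiling the block with -fsanitize=undefined and calling slotNumberUnsafe() with NO_SCRIPT reproduces the class of report the commit message describes; slotFor() instead refuses both the sentinel and any other out-of-range index, which is the check the hunk's `!= 0xFF` guard leaves implicit.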