[Scummvm-git-logs] scummvm master -> dccb48e0869ab06bbbbccc2dbac4e0759c3b8e41

sev- noreply at scummvm.org
Mon Aug 28 20:09:03 UTC 2023


This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .

Summary:
dccb48e086 SHERLOCK: Fix incorrect talk history


Commit: dccb48e0869ab06bbbbccc2dbac4e0759c3b8e41
    https://github.com/scummvm/scummvm/commit/dccb48e0869ab06bbbbccc2dbac4e0759c3b8e41
Author: PushmePullyu (127053144+PushmePullyu at users.noreply.github.com)
Date: 2023-08-28T22:08:59+02:00

Commit Message:
SHERLOCK: Fix incorrect talk history

Increase talkHistoryEntry._data[] size from 16 to 32.

Prevents out-of-bounds access to talkHistoryEntry._data if
a talk file has more than 16 statements.

Warning: This bumps the save version to 6.

Fixes #14578

Changed paths:
    engines/sherlock/saveload.h
    engines/sherlock/talk.cpp
    engines/sherlock/talk.h


diff --git a/engines/sherlock/saveload.h b/engines/sherlock/saveload.h
index 1d3c57fd80d..e26f2a7e850 100644
--- a/engines/sherlock/saveload.h
+++ b/engines/sherlock/saveload.h
@@ -35,7 +35,7 @@ namespace Sherlock {
 #define ONSCREEN_FILES_COUNT 5
 
 enum {
-	CURRENT_SAVEGAME_VERSION = 5,
+	CURRENT_SAVEGAME_VERSION = 6,
 	MINIMUM_SAVEGAME_VERSION = 4
 };
 
diff --git a/engines/sherlock/talk.cpp b/engines/sherlock/talk.cpp
index 86be0fde152..889312228a7 100644
--- a/engines/sherlock/talk.cpp
+++ b/engines/sherlock/talk.cpp
@@ -88,7 +88,7 @@ void Statement::load(Common::SeekableReadStream &s, bool isRoseTattoo) {
 /*----------------------------------------------------------------*/
 
 TalkHistoryEntry::TalkHistoryEntry() {
-	Common::fill(&_data[0], &_data[16], false);
+	Common::fill(&_data[0], &_data[32], false);
 }
 
 /*----------------------------------------------------------------*/
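Review bot: The array bound is a bare literal in the constructor's `Common::fill(&_data[0], &_data[32], false);`, and it is repeated in `Talk::synchronize` (32 twice, alongside three 16s) and in the `_data[32]` declaration in talk.h, so the next size change has to find every copy by hand. Deriving the end from the array itself, `Common::fill(_data, _data + ARRAYSIZE(_data), false);`, keeps the constructor correct whatever the declared size is. A pair of named constants for the old and new flag counts would do the same for the save-format code. A missed copy would silently under- or over-fill a fixed-size buffer, which is the class of bug this commit sets out to fix.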
@@ -978,11 +978,19 @@ void Talk::popStack() {
 }
 
 void Talk::synchronize(Serializer &s) {
+	// Since save version 6: each TalkHistoryEntry now holds 32 flags
+	const int numFlags = s.getVersion() > 5 ? 32 : 16;
+	const auto flagSize = sizeof _talkHistory[0]._data[0];
+
 	for (uint idx = 0; idx < _talkHistory.size(); ++idx) {
 		TalkHistoryEntry &he = _talkHistory[idx];
 
-		for (int flag = 0; flag < 16; ++flag)
+		for (int flag = 0; flag < numFlags; ++flag)
 			s.syncAsByte(he._data[flag]);
+
+		// For old saves with less than 32 flags we zero the rest
+		if (s.isLoading() && numFlags < 32)
+			memset(he._data + flagSize * 16, 0, flagSize * 16);
 	}
 }
 
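Review bot: The zeroing line `memset(he._data + flagSize * 16, 0, flagSize * 16);` mixes units: `he._data` decays to `bool *`, so the pointer offset is already counted in elements, and multiplying it by `flagSize` only lands on `_data[16]` where `sizeof(bool)` is 1. On an ABI with a wider `bool` the write would start beyond the intended slot and run past the end of the 32-element array while loading an old save. `Common::fill(&he._data[16], &he._data[32], false);` matches the constructor and removes the byte arithmetic, after which `flagSize` is no longer needed.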
diff --git a/engines/sherlock/talk.h b/engines/sherlock/talk.h
index 7da5db8c1a7..abe3ae6f915 100644
--- a/engines/sherlock/talk.h
+++ b/engines/sherlock/talk.h
@@ -155,7 +155,7 @@ struct Statement {
 };
 
 struct TalkHistoryEntry {
-	bool _data[16];
+	bool _data[32];
 
 	TalkHistoryEntry();
 	bool &operator[](int index) { return _data[index]; }
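Review bot: `operator[]` still indexes `_data` with no bounds check, so raising the size to 32 moves the limit rather than enforcing one. Going by the commit message, the index follows the number of statements in a talk file, so a file with more than 32 statements would presumably reach the same out-of-bounds access. An `assert(index >= 0 && index < ARRAYSIZE(_data));` in the accessor, or a statement-count check where talk files are loaded, would turn that into a defined failure instead of memory corruption. The struct continues past the end of the hunk, so other accessors may need the same guard.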



