[Scummvm-git-logs] scummvm branch-2-7 -> 7cf8c17039effe8ea43a0ccf6c26b878a5909c09
dwatteau
noreply at scummvm.org
Mon May 29 08:48:17 UTC 2023
This automated email contains information about 2 new commits which have been
pushed to the 'scummvm' repo located at https://github.com/scummvm/scummvm .
Summary:
7acecd9db4 SAGA: Fix memory and file handle leak in loadResource
7cf8c17039 SAGA: Fix use-after-free on handling actor action
Commit: 7acecd9db413be86df058f75aa996ae44d0277b1
https://github.com/scummvm/scummvm/commit/7acecd9db413be86df058f75aa996ae44d0277b1
Author: PushmePullyu (127053144+PushmePullyu at users.noreply.github.com)
Date: 2023-05-29T10:47:24+02:00
Commit Message:
SAGA: Fix memory and file handle leak in loadResource
Fixes #14334
(cherry picked from commit d2745ff37f86442f69c3e630ba84aa6d7bf64228)
Changed paths:
engines/saga/resource.cpp
diff --git a/engines/saga/resource.cpp b/engines/saga/resource.cpp
index 871a111b688..f37adb2ab01 100644
--- a/engines/saga/resource.cpp
+++ b/engines/saga/resource.cpp
@@ -490,11 +490,11 @@ void Resource::loadResource(ResourceContext *context, uint32 resourceId, ByteArr
ResourceData *resourceData = context->getResourceData(resourceId);
Common::SeekableReadStream *file = nullptr;
uint32 resourceOffset = resourceData->offset;
+ Common::File actualFile;
if (resourceData->diskNum == -1)
file = context->getFile(resourceData);
else {
- Common::File *actualFile = new Common::File();
Common::String fileName = context->_fileName;
int sz = fileName.size();
while(sz > 0 && fileName[sz - 1] != '.')
@@ -505,9 +505,9 @@ void Resource::loadResource(ResourceContext *context, uint32 resourceId, ByteArr
fileName = Common::String::format("%s%02d.adf", fileName.substr(0, sz).c_str(), resourceData->diskNum + 1);
else
fileName = Common::String::format("%s.%03d", fileName.substr(0, sz).c_str(), resourceData->diskNum);
- if (!actualFile->open(fileName))
+ if (!actualFile.open(fileName))
error("Resource::loadResource() failed to open %s", fileName.c_str());
- file = actualFile;
+ file = &actualFile;
}
debug(8, "loadResource %d 0x%X:0x%X", resourceId, resourceOffset, uint(resourceData->size));
Commit: 7cf8c17039effe8ea43a0ccf6c26b878a5909c09
https://github.com/scummvm/scummvm/commit/7cf8c17039effe8ea43a0ccf6c26b878a5909c09
Author: PushmePullyu (127053144+PushmePullyu at users.noreply.github.com)
Date: 2023-05-29T10:47:33+02:00
Commit Message:
SAGA: Fix use-after-free on handling actor action
On switching scenes:
Reset _actor->_lastZone in Actor::updateActorsScene().
Actors can store a pointer to a HitZone in _lastZone
(see Actor::handleActions()).
The HitZone pointed to is held by ObjectMap vm->_scene->_objectMap
in array _hitZoneList.
When changing scenes the array elements are cleared via
ObjectMap::clear() and _lastZone can become stale since
only some code paths reset it (e.g. Actor::takeExit()).
The stale pointer is then passed to Actor::stepZoneAction()
from Actor::handleActions() and dereferenced.
Fixes #13661
(cherry picked from commit bad85b3c9cbd7542bcdd9e2b730bb42119df0193)
Changed paths:
engines/saga/actor_walk.cpp
diff --git a/engines/saga/actor_walk.cpp b/engines/saga/actor_walk.cpp
index ae812258349..ed7e0ae9581 100644
--- a/engines/saga/actor_walk.cpp
+++ b/engines/saga/actor_walk.cpp
@@ -192,6 +192,7 @@ void Actor::updateActorsScene(int actorsEntrance) {
_protagonist = nullptr;
for (ActorDataArray::iterator actor = _actors.begin(); actor != _actors.end(); ++actor) {
+ actor->_lastZone = nullptr;
actor->_inScene = false;
actor->_spriteList.clear();
if ((actor->_flags & (kProtagonist | kFollower)) || (actor->_index == 0)) {
More information about the Scummvm-git-logs
mailing list