[Scummvm-git-logs] scummvm master -> 3e50482cd9946dfea1987b2690afe7c9e1258839
sev-
noreply at scummvm.org
Thu Jun 12 09:02:58 UTC 2025
This automated email contains information about 6 new commits which have been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .
Summary:
74d0e38780 AWE: Plug memory leak. CID 1609872
7b22d2148d AWE: Prevent potential negative array index write. CID 1609873
bbf1e73892 AWE: Fix potential buffer overrun. CID 1609874
57ff00f18e AWE: Fix potential buffer overrun. CID 1609875
278b8170d8 AWE: Fix potential memory leak. CID 1609877
3e50482cd9 AWE: Fix potential buffer overrun. CID 1609876, 1609878
Commit: 74d0e3878080352183695405b215810c75aebcc6
https://github.com/scummvm/scummvm/commit/74d0e3878080352183695405b215810c75aebcc6
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:35+02:00
Commit Message:
AWE: Plug memory leak. CID 1609872
Changed paths:
engines/awe/resource_3do.cpp
diff --git a/engines/awe/resource_3do.cpp b/engines/awe/resource_3do.cpp
index e5420c421c4..8692a7c1379 100644
--- a/engines/awe/resource_3do.cpp
+++ b/engines/awe/resource_3do.cpp
@@ -159,6 +159,8 @@ uint8 *Resource3do::loadFile(int num, uint8 *dst, uint32 *size) {
if (decodedSize != SZ) {
warning("Unexpected LZSS decoded size %d", decodedSize);
+ free(tmp);
+ *size = 0;
return nullptr;
}
*size = decodedSize;
Commit: 7b22d2148dcb5b96ac72d747d43932f7d1ea4db7
https://github.com/scummvm/scummvm/commit/7b22d2148dcb5b96ac72d747d43932f7d1ea4db7
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:35+02:00
Commit Message:
AWE: Prevent potential negative array index write. CID 1609873
Changed paths:
engines/awe/resource_nth.cpp
diff --git a/engines/awe/resource_nth.cpp b/engines/awe/resource_nth.cpp
index dcc4b1e821c..131b6a16921 100644
--- a/engines/awe/resource_nth.cpp
+++ b/engines/awe/resource_nth.cpp
@@ -182,7 +182,7 @@ struct Resource15th : ResourceNth {
while (*p == ' ' || *p == '\t') {
++p;
}
- if ((uint32)strNum < ARRAYSIZE(_stringsTable)) {
+ if (strNum > 0 && (uint32)strNum < ARRAYSIZE(_stringsTable)) {
_stringsTable[strNum] = p;
}
}
Commit: bbf1e738926edbc41429aba630a56cfa310c03bd
https://github.com/scummvm/scummvm/commit/bbf1e738926edbc41429aba630a56cfa310c03bd
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:36+02:00
Commit Message:
AWE: Fix potential buffer overrun. CID 1609874
Changed paths:
engines/awe/resource_win31.cpp
diff --git a/engines/awe/resource_win31.cpp b/engines/awe/resource_win31.cpp
index 3bff9bc5147..bae60fe1ab5 100644
--- a/engines/awe/resource_win31.cpp
+++ b/engines/awe/resource_win31.cpp
@@ -146,6 +146,10 @@ struct LzHuffman {
int i = _child[kHuffmanRoot];
while (i < kTableSize) {
i += _stream.readBit();
+
+ if (i < kTableSize)
+ i = _child[i];
+
i = _child[i];
}
i -= kTableSize;
Commit: 57ff00f18e06dd1eb7dbcf54811d279623b95bba
https://github.com/scummvm/scummvm/commit/57ff00f18e06dd1eb7dbcf54811d279623b95bba
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:36+02:00
Commit Message:
AWE: Fix potential buffer overrun. CID 1609875
Changed paths:
engines/awe/resource_win31.cpp
diff --git a/engines/awe/resource_win31.cpp b/engines/awe/resource_win31.cpp
index bae60fe1ab5..ec05b46032b 100644
--- a/engines/awe/resource_win31.cpp
+++ b/engines/awe/resource_win31.cpp
@@ -175,7 +175,10 @@ struct LzHuffman {
const int copySize = (i - index) * sizeof(int);
memmove(_freq + index + 1, _freq + index, copySize);
_freq[index] = f;
- memmove(_child + index + 1, _child + index, copySize);
+
+ if (index + 1 < kTableSize)
+ memmove(_child + index + 1, _child + index, copySize);
+
_child[index] = j;
}
for (int i = 0; i < kTableSize; ++i) {
Commit: 278b8170d81a55add3e8a6614aff6af200ec8636
https://github.com/scummvm/scummvm/commit/278b8170d81a55add3e8a6614aff6af200ec8636
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:36+02:00
Commit Message:
AWE: Fix potential memory leak. CID 1609877
Changed paths:
engines/awe/resource_win31.cpp
diff --git a/engines/awe/resource_win31.cpp b/engines/awe/resource_win31.cpp
index ec05b46032b..a591f0df6b5 100644
--- a/engines/awe/resource_win31.cpp
+++ b/engines/awe/resource_win31.cpp
@@ -294,10 +294,13 @@ bool ResourceWin31::readEntries() {
}
uint8 *ResourceWin31::loadFile(int num, uint8 *dst, uint32 *size) {
+ bool allocated = false;
+
if (num > 0 && num < _entriesCount) {
Win31BankEntry *e = &_entries[num];
*size = e->size;
if (!dst) {
+ allocated = true;
dst = (uint8 *)malloc(e->size);
if (!dst) {
warning("Unable to allocate %d bytes", e->size);
@@ -318,6 +321,10 @@ uint8 *ResourceWin31::loadFile(int num, uint8 *dst, uint32 *size) {
}
}
warning("Unable to load resource #%d", num);
+
+ if (allocated)
+ free(dst);
+
return nullptr;
}
Commit: 3e50482cd9946dfea1987b2690afe7c9e1258839
https://github.com/scummvm/scummvm/commit/3e50482cd9946dfea1987b2690afe7c9e1258839
Author: Eugene Sandulenko (sev at scummvm.org)
Date: 2025-06-12T11:01:36+02:00
Commit Message:
AWE: Fix potential buffer overrun. CID 1609876, 1609878
Changed paths:
engines/awe/script.cpp
diff --git a/engines/awe/script.cpp b/engines/awe/script.cpp
index 147a825fc86..0f664c1a112 100644
--- a/engines/awe/script.cpp
+++ b/engines/awe/script.cpp
@@ -611,7 +611,7 @@ void Script::executeTask() {
::debug("Time = %d", _scriptVars[0xF7]);
}
continue;
-
+
default:
break;
}
@@ -771,7 +771,7 @@ static uint8 getWavLooping(uint16 resNum) {
case 132:
case 139:
return 1;
-
+
default:
break;
}
@@ -779,6 +779,10 @@ static uint8 getWavLooping(uint16 resNum) {
}
static int getSoundFreq(uint8 period) {
+ if (period > 39) {
+ warning("Script::getSoundFreq() invalid period %d", period);
+ period = 39;
+ }
return kPaulaFreq / (Script::PERIOD_TABLE[period] * 2);
}
More information about the Scummvm-git-logs
mailing list