[Scummvm-git-logs] scummvm master -> ec98389ca5cc5240c7fddb9c21bf18a58cdc6f87

Fri Oct 17 21:32:45 UTC 2025

This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .

Summary:
ec98389ca5 SCUMM: DIG/DiMUSE: Post-load fix for corrupted savegames


Commit: ec98389ca5cc5240c7fddb9c21bf18a58cdc6f87
    https://github.com/scummvm/scummvm/commit/ec98389ca5cc5240c7fddb9c21bf18a58cdc6f87
Author: AndywinXp (andywinxp at gmail.com)
Date: 2025-10-17T23:32:38+02:00

Commit Message:
SCUMM: DIG/DiMUSE: Post-load fix for corrupted savegames

Fixes #16287:

"SCUMM: DIG: Game crashes when moving to another area"

There has been a small wave of corrupted savegames which
were seemingly connected to ticket #15215:

"SCUMM: DIG: Error box 29 is out of bounds in ScummVM 2.8.1"

In affected savegames, the _attributes array from the iMUSE system
seems to contain byteswapped 32-bit values in a few of the slots,
suggesting some kind of data corruption happening behind the scenes.

While the issue was solved in eefca8b ("SCUMM: (DIG) - fix setActorWalkSpeed"),
there is no guarantee that a previous savegame won't be affected and won't cause
a chain reaction in playDigMusic(), causing an out of bounds array read.

This is a pretty reliable way to detect if the savegame was corrupted.

Hopefully.

Changed paths:
    engines/scumm/imuse_digi/dimuse_engine.cpp

diff --git a/engines/scumm/imuse_digi/dimuse_engine.cpp b/engines/scumm/imuse_digi/dimuse_engine.cpp
index 44ecde76563..54e22b002d1 100644
--- a/engines/scumm/imuse_digi/dimuse_engine.cpp
+++ b/engines/scumm/imuse_digi/dimuse_engine.cpp
@@ -357,6 +357,28 @@ void IMuseDigital::saveLoadEarly(Common::Serializer &s) {
 	} else {
 		diMUSESaveLoad(s);
 
+		// WORKAROUND: There has been a small wave of corrupted savegames which
+		// were seemingly connected to ticket #15215:
+		// "SCUMM: DIG: Error box 29 is out of bounds in ScummVM 2.8.1"
+		//
+		// In affected savegames, the _attributes array from the iMUSE system
+		// seems to contain byteswapped 32-bit values in a few of the slots,
+		// suggesting some kind of data corruption happening behind the scenes.
+		//
+		// While the issue was solved in eefca8b ("SCUMM: (DIG) - fix setActorWalkSpeed"),
+		// there is no guarantee that a previous savegame won't be affected and won't cause
+		// a chain reaction in playDigMusic(), causing an out of bounds array read.
+		//
+		// This is a pretty reliable way to detect if the savegame was corrupted.
+ 		if (_vm->_game.id == GID_DIG && s.isLoading()) {
+			for (int i = 0; i < ARRAYSIZE(_attributes); i++) {
+				if (_attributes[i] > 32) { // Theoretically I haven't seen attribute values go beyond 5...
+					debug(2, "IMuseDigital::saveLoadEarly(): Patching corrupted DIG savegame, found invalid attribute %d at index %d. It will be zero-ed.", _attributes[i], i);
+					_attributes[i] = 0; // Bummer... still better than crashing the game though ;-)
+				}
+			}
+		}
+
 		if (s.isLoading() && _vm->isUsingOriginalGUI()) {
 			diMUSESetMusicGroupVol(diMUSEGetMusicGroupVol());
 			diMUSESetVoiceGroupVol(diMUSEGetVoiceGroupVol());


