[Scummvm-git-logs] scummvm master -> 7fd392fb3322f263c744ca32b8defffc3031e491
sdelamarre
noreply at scummvm.org
Sat Sep 13 20:50:25 UTC 2025
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .
Summary:
7fd392fb33 GOB: Fix missing bounds checking on array access in the expression parser
Commit: 7fd392fb3322f263c744ca32b8defffc3031e491
https://github.com/scummvm/scummvm/commit/7fd392fb3322f263c744ca32b8defffc3031e491
Author: Simon Delamarre (simon.delamarre14 at gmail.com)
Date: 2025-09-13T22:50:09+02:00
Commit Message:
GOB: Fix missing bounds checking on array access in the expression parser
Some scripts rely on it. Fixes a crash in Adi4 when leaving applications.
Changed paths:
engines/gob/expression.cpp
diff --git a/engines/gob/expression.cpp b/engines/gob/expression.cpp
index 06294e8a936..fb94e36c675 100644
--- a/engines/gob/expression.cpp
+++ b/engines/gob/expression.cpp
@@ -649,7 +649,7 @@ uint16 Expression::parseVarIndex(uint16 *size, uint16 *type) {
_vm->_game->_script->skip(dimCount);
offset = 0;
for (dim = 0; dim < dimCount; dim++) {
- temp2 = parseValExpr(OP_END_MARKER);
+ temp2 = CLIP<int>(parseValExpr(OP_END_MARKER), 0, arrDesc[dim] - 1);
offset = arrDesc[dim] * offset + temp2;
}
if (operation == OP_ARRAY_INT8)
@@ -720,7 +720,7 @@ void Expression::loadValue(byte operation, uint32 varBase, const StackFrame &sta
_vm->_game->_script->skip(dimCount);
offset = 0;
for (dim = 0; dim < dimCount; dim++) {
- temp2 = parseValExpr(OP_END_MARKER);
+ temp2 = CLIP<int>(parseValExpr(OP_END_MARKER), 0, arrDescPtr[dim] - 1);
offset = offset * arrDescPtr[dim] + temp2;
}
if (operation == OP_ARRAY_INT8)
More information about the Scummvm-git-logs
mailing list