[Scummvm-git-logs] scummvm master -> ffd34f6419768fa8f32aba6bc49185225e9c3d43
sluicebox
noreply at scummvm.org
Fri Jan 9 09:37:12 UTC 2026
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .
Summary:
ffd34f6419 HUGO: Fix HUGO2 maze crash when parsing inputs
Commit: ffd34f6419768fa8f32aba6bc49185225e9c3d43
https://github.com/scummvm/scummvm/commit/ffd34f6419768fa8f32aba6bc49185225e9c3d43
Author: sluicebox (22204938+sluicebox at users.noreply.github.com)
Date: 2026-01-09T01:36:30-08:00
Commit Message:
HUGO: Fix HUGO2 maze crash when parsing inputs
This is a bug in the original game; the parser read out of bounds
memory when in the HUGO2 maze. In ScummVM this crashed with an
access violation.
This was discovered in 2011: aba8451744c692dc2108e2dd860731d46ab207e8
The 2011 fix only applied to the Windows version. It added a check to
the HUGO1 DOS parser, but this had no effect on the HUGO2 DOS maze.
Even with the 2011 fix, the Windows version crashed on certain commands
when teleporting to the maze with cheat codes or the ScummVM debugger.
Now both Hugo2 DOS and Windows are fixed, even when teleporting.
DOS: Fixes "read bottle" after picking up the bottle
WIN: Fixes "read sign" after teleporting to maze
Changed paths:
engines/hugo/parser_v1d.cpp
engines/hugo/parser_v2d.cpp
engines/hugo/parser_v3d.cpp
diff --git a/engines/hugo/parser_v1d.cpp b/engines/hugo/parser_v1d.cpp
index a6d55454a5d..05b6f11dcc4 100644
--- a/engines/hugo/parser_v1d.cpp
+++ b/engines/hugo/parser_v1d.cpp
@@ -283,9 +283,6 @@ void Parser_v1d::dropObject(Object *obj) {
bool Parser_v1d::isCatchallVerb_v1(bool testNounFl, const char *noun, const char *verb, ObjectList obj) const {
debugC(1, kDebugParser, "isCatchallVerb(%d, %s, %s, object_list_t obj)", (testNounFl) ? 1 : 0, noun, verb);
- if (_vm->_maze._enabledFl)
- return false;
-
if (testNounFl && !noun)
return false;
diff --git a/engines/hugo/parser_v2d.cpp b/engines/hugo/parser_v2d.cpp
index 982630f55dd..4a695d7ec63 100644
--- a/engines/hugo/parser_v2d.cpp
+++ b/engines/hugo/parser_v2d.cpp
@@ -287,6 +287,11 @@ bool Parser_v2d::isObjectVerb_v2(const char *word, Object *obj) {
bool Parser_v2d::isBackgroundWord_v2(const char *noun, const char *verb, ObjectList obj) const {
debugC(1, kDebugParser, "isBackgroundWord(%s, %s, object_list_t obj)", noun, verb);
+ // WORKAROUND: obj is an invalid pointer if in the Hugo2 maze (original bug)
+ if (*(_vm->_screenPtr) >= _backgroundObjectsSize) {
+ return false;
+ }
+
if (!noun)
return false;
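Review bot: The new guard in isBackgroundWord_v2 runs only after the caller has already produced `obj`, so if the call site indexes the background-object table with `*_vm->_screenPtr` (not visible in this hunk), the out-of-bounds element read still happens there and only the later dereference is avoided. Doing the range check at the call site, or passing the screen index and performing the lookup after the check, would remove the read instead of discarding its result. The comparison also bounds the value only from above; if `*_vm->_screenPtr` is a signed type, a negative value passes the guard, so it is worth confirming the declaration and rejecting `< 0` if needed. The same applies to the identical guards added in isCatchallVerb_v2, isCatchallVerb_v3 and isBackgroundWord_v3; all four function bodies continue outside their hunks.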
@@ -312,8 +317,10 @@ bool Parser_v2d::isBackgroundWord_v2(const char *noun, const char *verb, ObjectL
bool Parser_v2d::isCatchallVerb_v2(bool testNounFl, const char *noun, const char *verb, ObjectList obj) const {
debugC(1, kDebugParser, "isCatchallVerb(%d, %s, %s, object_list_t obj)", (testNounFl) ? 1 : 0, noun, verb);
- if (_vm->_maze._enabledFl)
+ // WORKAROUND: obj is an invalid pointer if in the Hugo2 maze (original bug)
+ if (*(_vm->_screenPtr) >= _backgroundObjectsSize) {
return false;
+ }
if (testNounFl && !noun)
return false;
diff --git a/engines/hugo/parser_v3d.cpp b/engines/hugo/parser_v3d.cpp
index e56030ba52d..f2b48eaf560 100644
--- a/engines/hugo/parser_v3d.cpp
+++ b/engines/hugo/parser_v3d.cpp
@@ -408,8 +408,10 @@ void Parser_v3d::dropObject(Object *obj) {
bool Parser_v3d::isCatchallVerb_v3(ObjectList obj) const {
debugC(1, kDebugParser, "isCatchallVerb(object_list_t obj)");
- if (_vm->_maze._enabledFl)
+ // WORKAROUND: obj is an invalid pointer if in the Hugo2 maze (original bug)
+ if (*(_vm->_screenPtr) >= _backgroundObjectsSize) {
return false;
+ }
for (int i = 0; obj[i]._verbIndex != 0; i++) {
if (isWordPresent(_vm->_text->getVerbArray(obj[i]._verbIndex)) && obj[i]._nounIndex == 0 &&
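Review bot: The same guard and comment now appear four times across parser_v2d.cpp and parser_v3d.cpp, so a later parser function that receives `obj` can easily miss it. A single const helper on the shared parser class (presumably where `_backgroundObjectsSize` is declared), for example `bool screenHasBackgroundObjects() const { return *_vm->_screenPtr < _backgroundObjectsSize; }`, would keep the condition in one place. The comment could also state why the pointer is invalid, e.g. `// WORKAROUND: maze screens have no entry in the background object table, so obj was read past its end (original bug)`, if that is indeed the cause. isCatchallVerb_v3 continues past the end of this hunk.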
@@ -436,8 +438,10 @@ bool Parser_v3d::isCatchallVerb_v3(ObjectList obj) const {
bool Parser_v3d::isBackgroundWord_v3(ObjectList obj) const {
debugC(1, kDebugParser, "isBackgroundWord(object_list_t obj)");
- if (_vm->_maze._enabledFl)
+ // WORKAROUND: obj is an invalid pointer if in the Hugo2 maze (original bug)
+ if (*(_vm->_screenPtr) >= _backgroundObjectsSize) {
return false;
+ }
for (int i = 0; obj[i]._verbIndex != 0; i++) {
if (isWordPresent(_vm->_text->getVerbArray(obj[i]._verbIndex)) &&