[ scummvm-Patches-2606844 ] Fix crash when using BS1 without portuguese data

SourceForge.net noreply at sourceforge.net
Mon Feb 16 21:43:29 CET 2009


Patches item #2606844, was opened at 2009-02-16 20:43
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=418822&aid=2606844&group_id=37116

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Thierry Crozat (criezy)
Assigned to: Nobody/Anonymous (nobody)
Summary: Fix crash when using BS1 without portuguese data

Initial Comment:
Some BS1 versions do not have Portuguese subtitles in the text cluster file. This causes a crash when setting the language of the game to Portuguese in ScummVM. The attached patch solves the crash by permitting ResMan::resHandle(uint32 id) to return a null pointer (instead of whatever lies in memory at the out-of-bounds read) and adding a number of tests to handle that properly in other functions (and also to avoid other out-of-bounds reads and writes).

As is, the patch is not really complete. There is no crash but all the displayed subtitles are "Error: Text not found" (i.e. the error string in ObjectMan). This is fixed by the patch #2602772 that I submitted yesterday (which changes the error string to an empty string to fix bug #1977094).
The patch is against SVN 0.14.0 from February 16. It probably conflicts with the patch #2602772 for the changes in objectman.cpp, but these changes are very small and can be done manually (or I can prepare a new patch if needed). Most changes in this patch are in the file resman.cpp.

In case you are interested, the crash occurs because the swordres.rif file lists only six groups for the cluster 2 (i.e. 6 languages in the text.clu files) instead of seven (which is normal as there really are only six languages in the text.clu files for this version). Therefore the groups array for the cluster 2 in the _prj variable has only six elements, and there is a lot of out-of-bounds reading in that array when trying to read info for the seventh group (in _prj.clu[cluster].grp[group]). This causes strange things, like trying to allocate x bytes, where x is supposed to be the data size for the group but in that case can be anything. Ultimately it crashes when allocating the memory for the group data and writing the pointer address in memory allocated for another cluster file (if it has not crashed before).

----------------------------------------------------------------------
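The failure mode the report describes (a language index past the end of a cluster's group table, so the "size" used for the allocation is whatever follows the table in memory) is illustrated below with a bounds-checked lookup in the style of the fix. This is an added example, not ScummVM code and not the submitted patch: the structure layout, the id encoding (cluster in the top byte, group in the next byte, item in the low 16 bits), the function names and the six-language fixture are all assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Assumed miniature of the index the report describes: the .rif lists, per
// cluster, one group per language present in the cluster file, and each group
// lists where its resources live in that file and how long they are.
struct Grp {
    std::vector<uint32_t> offset;   // byte offset of each resource in the .clu
    std::vector<uint32_t> length;   // byte length of each resource
};
struct Clu { std::vector<Grp> grp; };
struct Prj { std::vector<Clu> clu; };

// Assumed id encoding for this example (not the engine's real one).
static inline uint32_t makeId(uint32_t cluster, uint32_t group, uint32_t item) {
    return (cluster << 24) | ((group & 0xFF) << 16) | (item & 0xFFFF);
}

// Bounds-checked lookup: nullptr for any index outside the tables. An unchecked
// prj.clu[cluster].grp[group] would, for the seventh group of a six-group
// cluster, read past the end of grp[] and hand back a garbage size.
const Grp *resHandle(const Prj &prj, uint32_t id, uint32_t *itemOut) {
    uint32_t cluster = id >> 24, group = (id >> 16) & 0xFF, item = id & 0xFFFF;
    if (cluster >= prj.clu.size()) return nullptr;
    const Clu &c = prj.clu[cluster];
    if (group >= c.grp.size()) return nullptr;
    const Grp &g = c.grp[group];
    if (item >= g.length.size() || item >= g.offset.size()) return nullptr;
    *itemOut = item;
    return &g;
}

// Returns the resource bytes, or an empty vector when the id is absent or the
// index entry claims bytes outside the cluster file. The allocation size only
// ever comes from a validated table entry.
std::vector<uint8_t> fetchRes(const Prj &prj, const std::vector<uint8_t> &cluFile, uint32_t id) {
    uint32_t item = 0;
    const Grp *g = resHandle(prj, id, &item);
    if (!g) return {};
    uint64_t off = g->offset[item], len = g->length[item];
    if (off > cluFile.size() || len > cluFile.size() - off) return {};  // no wraparound
    return std::vector<uint8_t>(cluFile.begin() + (std::ptrdiff_t)off,
                                cluFile.begin() + (std::ptrdiff_t)(off + len));
}

// Caller-side handling: a missing subtitle becomes an empty string rather than
// a crash or an error placeholder.
std::string subtitle(const Prj &prj, const std::vector<uint8_t> &cluFile, uint32_t id) {
    std::vector<uint8_t> bytes = fetchRes(prj, cluFile, id);
    return std::string(bytes.begin(), bytes.end());
}

// Constructed fixture: a text cluster with one string per language and an index
// that lists six groups, so group 6 (a seventh language) does not exist.
struct Fixture { Prj prj; std::vector<uint8_t> clu; };

Fixture buildSixLanguageFixture() {
    const char *strings[6] = {"Hello", "Hallo", "Bonjour", "Ciao", "Hola", "Hej"};
    Fixture f;
    Clu text;
    for (int i = 0; i < 6; ++i) {
        Grp g;
        uint32_t len = (uint32_t)std::strlen(strings[i]);
        g.offset.push_back((uint32_t)f.clu.size());
        g.length.push_back(len);
        f.clu.insert(f.clu.end(), strings[i], strings[i] + len);
        text.grp.push_back(g);
    }
    f.prj.clu.push_back(Clu{});   // cluster 0: placeholder
    f.prj.clu.push_back(Clu{});   // cluster 1: placeholder
    f.prj.clu.push_back(text);    // cluster 2: the text cluster, as in the report
    return f;
}

// Single-call wrappers over the fixture.
std::string fixtureSubtitle(uint32_t group, uint32_t item) {
    Fixture f = buildSixLanguageFixture();
    return subtitle(f.prj, f.clu, makeId(2, group, item));
}
bool fixtureHasGroup(uint32_t group) {
    Fixture f = buildSixLanguageFixture();
    uint32_t item = 0;
    return resHandle(f.prj, makeId(2, group, 0), &item) != nullptr;
}
// A mismatched index: the entry claims more bytes than the cluster file holds.
std::string fixtureCorruptSubtitle() {
    Fixture f = buildSixLanguageFixture();
    f.prj.clu[2].grp[5].length[0] = 0xFFFFFFFFu;
    return subtitle(f.prj, f.clu, makeId(2, 5, 0));
}

int main() {
    std::printf("group 0: '%s'\n", fixtureSubtitle(0, 0).c_str());
    std::printf("group 6 present: %s\n", fixtureHasGroup(6) ? "yes" : "no");
    return 0;
}
```

The two checks worth carrying into real code are the ones on `group` against `grp.size()` (the report's crash) and on `offset + length` against the file size (which also guards against an index that is present but inconsistent with its cluster file).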
