[Scummvm-tracker] [ScummVM] #10322: FULLPIPE: Map screen, array OOB access

Bastien Bouclet trac at scummvm.org
Sun Nov 19 06:12:49 CET 2017 

#10322: FULLPIPE: Map screen, array OOB access
--------------------------+------------------------------
Reporter:  bgK            |      Owner:  (none)
    Type:  defect         |     Status:  new
Priority:  blocker        |  Component:  Engine: Fullpipe
Keywords:  has-backtrace  |       Game:  Full Pipe
--------------------------+------------------------------
 ScummVM: 64c88d4c4fd069dae321cc576259ef88a7cb2b78
 Game: German full version

 Steps to reproduce:
 - From the beginning of the game, enter the left pipe to the room with the
 creatures playing dominoes
 - Click on '2' on the elevator control panel
 - While the elevator is moving up, open the map

 {{{
 scummvm: ../common/array.h:192: T&
 Common::Array<T>::operator[](Common::Array<T>::size_type) [with T =
 Fullpipe::BigPicture*; Common::Array<T>::size_type = unsigned int]:
 Assertion `idx < _size' failed.
 (gdb) bt full
 #3  0x00007ffff40e3153 in __assert_fail () from /usr/lib/libc.so.6
 #4  0x00005555556bd6b6 in Common::Array<Fullpipe::BigPicture*>::operator[]
 (this=0x611000586068, idx=3) at ../common/array.h:192
         __PRETTY_FUNCTION__ = "T&
 Common::Array<T>::operator[](Common::Array<T>::size_type) [with T =
 Fullpipe::BigPicture*; Common::Array<T>::size_type = unsigned int]"
 #5  0x00005555556dbf51 in Fullpipe::Background::getBigPicture
 (this=0x611000586000, x=0, y=1) at ../engines/fullpipe/gfx.h:217
 #6  0x0000555555757671 in Fullpipe::Scene::drawContent
 (this=0x611000586000, minPri=60000, maxPri=0, drawBg=true)
     at ../engines/fullpipe/scene.cpp:722
         v27 = 0x7fff05050640
         y = 600
         v25 = 1
         oldx = 800
         bgStX = 306
         bgNumX = 0
         bgOffsetX = 306
         bgStY = 684
         bgNumY = 1
         bgOffsetY = 84
         bgPosX = 0
         width = 1600
         height = 600
         dims = {x = 1600, y = 1285}
 #7  0x000055555575544d in Fullpipe::Scene::draw (this=0x611000586000) at
 ../engines/fullpipe/scene.cpp:511
         priority = -18320
 #8  0x0000555555700228 in Fullpipe::ModalMap::update (this=0x60b00019f860)
 at ../engines/fullpipe/modal.cpp:587
 #9  0x000055555569a859 in Fullpipe::FullpipeEngine::updateScreen
 (this=0x61e000020480) at ../engines/fullpipe/fullpipe.cpp:485
 #10 0x0000555555698201 in Fullpipe::FullpipeEngine::run
 (this=0x61e000020480) at ../engines/fullpipe/fullpipe.cpp:303
         time2 = 244362
         format = {bytesPerPixel = 4 '\004', rLoss = 0 '\000', gLoss = 0
 '\000', bLoss = 0 '\000', aLoss = 0 '\000', rShift = 24 '\030',
           gShift = 16 '\020', bShift = 8 '\b', aShift = 0 '\000'}
         scene = 0
         time1 = 244362
 }}}

--
Ticket URL: <https://bugs.scummvm.org/ticket/10322>
ScummVM <https://bugs.scummvm.org>
ScummVM

More information about the Scummvm-tracker mailing list