[Scummvm-tracker] [ScummVM] #10287: TITANIC: Buffer overflow talking to Barbot
Colin Snover
trac at scummvm.org
Tue Oct 10 02:52:31 CEST 2017
#10287: TITANIC: Buffer overflow talking to Barbot
--------------------+------------------------------
Reporter: csnover | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: Titanic
Keywords: | Game: Starship Titanic
--------------------+------------------------------
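1. Load the attached save.
2. While talking to the Barbot, enter the line "please give me titania's vision center".

Result: a buffer overflow occurs while the parser preprocesses the entered line, so it is triggered by player-typed text. The backtrace below starts at frame #5 (TTparser::searchAndReplace, tt_parser.cpp:382); frames #0-#4 are not included in this report.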
{{{
#5 0x0000000100278cb7 in
Titanic::TTparser::searchAndReplace(Titanic::TTstring&, int,
Common::Array<Titanic::CString> const&) at
scummvm/engines/titanic/true_talk/tt_parser.cpp:382
#6 0x000000010027758d in
Titanic::TTparser::searchAndReplace(Titanic::TTstring&,
Common::Array<Titanic::CString> const&) at
scummvm/engines/titanic/true_talk/tt_parser.cpp:354
#7 0x000000010027664d in
Titanic::TTparser::preprocess(Titanic::TTsentence*) at
scummvm/engines/titanic/true_talk/tt_parser.cpp:93
#8 0x0000000100257b0a in
Titanic::CScriptHandler::processInput(Titanic::TTroomScript*,
Titanic::TTnpcScript*, Titanic::TTstring const&) at
scummvm/engines/titanic/true_talk/script_handler.cpp:83
#9 0x0000000100262bd5 in
Titanic::CTrueTalkManager::processInput(Titanic::CTrueTalkNPC*,
Titanic::CTextInputMsg*, Titanic::CViewItem*) at
scummvm/engines/titanic/true_talk/true_talk_manager.cpp:335
#10 0x0000000100167590 in
Titanic::CTrueTalkNPC::TextInputMsg(Titanic::CTextInputMsg*) at
scummvm/engines/titanic/npcs/true_talk_npc.cpp:83
#11 0x000000010012f609 in
Titanic::CMessage::perform(Titanic::CTreeItem*) at
scummvm/engines/titanic/messages/messages.cpp:107
#12 0x000000010012f110 in
Titanic::CMessage::execute(Titanic::CTreeItem*, Titanic::ClassDef const*,
int) at scummvm/engines/titanic/messages/messages.cpp:60
#13 0x0000000100174be0 in
Titanic::CPetConversations::textLineEntered(Titanic::CString const&) at
scummvm/engines/titanic/pet_control/pet_conversations.cpp:507
#14 0x00000001001733d2 in
Titanic::CPetConversations::handleKey(Common::KeyState const&) at
scummvm/engines/titanic/pet_control/pet_conversations.cpp:490
#15 0x0000000100173176 in
Titanic::CPetConversations::KeyCharMsg(Titanic::CKeyCharMsg*) at
scummvm/engines/titanic/pet_control/pet_conversations.cpp:224
#16 0x000000010016a084 in
Titanic::CPetControl::KeyCharMsg(Titanic::CKeyCharMsg*) at
scummvm/engines/titanic/pet_control/pet_control.cpp:339
#17 0x000000010012f609 in
Titanic::CMessage::perform(Titanic::CTreeItem*) at
scummvm/engines/titanic/messages/messages.cpp:107
#18 0x000000010012f110 in
Titanic::CMessage::execute(Titanic::CTreeItem*, Titanic::ClassDef const*,
int) at scummvm/engines/titanic/messages/messages.cpp:60
#19 0x00000001002a202f in
Titanic::CInputHandler::dispatchMessage(Titanic::CMessage*) at
scummvm/engines/titanic/input_handler.cpp:154
#20 0x00000001002a1874 in
Titanic::CInputHandler::processMessage(Titanic::CMessage*) at
scummvm/engines/titanic/input_handler.cpp:84
#21 0x00000001002a167e in
Titanic::CInputHandler::handleMessage(Titanic::CMessage&, bool) at
scummvm/engines/titanic/input_handler.cpp:72
#22 0x00000001002a3106 in
Titanic::CInputTranslator::keyDown(Common::KeyState const&) at
scummvm/engines/titanic/input_translator.cpp:91
#23 0x00000001002a6350 in
Titanic::CMainGameWindow::keyDown(Common::KeyState) at
scummvm/engines/titanic/main_game_window.cpp:367
#24 0x0000000100299180 in Titanic::Events::pollEvents() at
scummvm/engines/titanic/events.cpp:95
#25 0x0000000100299ccd in Titanic::Events::pollEventsAndWait() at
scummvm/engines/titanic/events.cpp:112
#26 0x00000001002a95ee in Titanic::TitanicEngine::run() at
scummvm/engines/titanic/titanic.cpp:157
}}}
--
Ticket URL: <https://bugs.scummvm.org/ticket/10287>
ScummVM <https://bugs.scummvm.org>
ScummVM