[Scummvm-tracker] [ScummVM] #10704: MYST ME (gog version) Crash
digitall
trac at scummvm.org
Fri Sep 14 06:40:34 CEST 2018
#10704: MYST ME (gog version) Crash
-----------------------+----------------------------
Reporter: weirdzod | Owner: bgK
Type: defect | Status: new
Priority: high | Component: Engine: Mohawk
Resolution: | Keywords:
Game: Myst |
-----------------------+----------------------------
Comment (by digitall):
Ah. I think I see the root of the problem at image/pict.cpp line 582 i.e.
{{{
for (uint16 y = 0; y < surface->h; y++)
	memcpy(_outputSurface->getBasePtr(0 + xOffset, y + yOffset),
	       surface->getBasePtr(0, y),
	       surface->w * surface->format.bytesPerPixel);
}}}
The size of _outputSurface is derived from the _imageRect size which is
not related to the size of the decoded surface so this can result in an
out of bounds copy.
@bgK: Can you take a look at adding some sanity limits for the copy from
the decoded surface to the _outputSurface to prevent any out of bounds
writes?
--
Ticket URL: <https://bugs.scummvm.org/ticket/10704#comment:6>
ScummVM <https://bugs.scummvm.org>
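
One way to apply the sanity limits requested in the comment above, as an added example that is not ScummVM's code and not part of the ticket: each row copy is clipped to the overlap of the source and destination rectangles. The `Surf` type and the `clippedBlit` function are hypothetical stand-ins for the real surface classes, and rows are assumed to be tightly packed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a pixel surface; not ScummVM's Graphics::Surface.
struct Surf {
	int w, h, bpp;            // width, height, bytes per pixel
	std::vector<uint8_t> px;  // tightly packed rows (pitch == w * bpp)
	Surf(int w_, int h_, int bpp_, uint8_t fill = 0)
		: w(w_), h(h_), bpp(bpp_), px(size_t(w_) * h_ * bpp_, fill) {}
	uint8_t *at(int x, int y) { return px.data() + (size_t(y) * w + x) * bpp; }
	const uint8_t *at(int x, int y) const { return px.data() + (size_t(y) * w + x) * bpp; }
};

// Copy src into dst at (xOff, yOff), clipped to dst's bounds.
// Returns the number of bytes actually written (0 if nothing overlaps).
size_t clippedBlit(Surf &dst, const Surf &src, int xOff, int yOff) {
	if (dst.bpp != src.bpp)
		return 0; // pixel sizes must match for a raw byte copy
	// Range of source columns/rows whose destination lies inside dst.
	int x0 = std::max(0, -xOff), x1 = std::min(src.w, dst.w - xOff);
	int y0 = std::max(0, -yOff), y1 = std::min(src.h, dst.h - yOff);
	if (x0 >= x1 || y0 >= y1)
		return 0; // no overlap: write nothing
	size_t rowBytes = size_t(x1 - x0) * src.bpp;
	for (int y = y0; y < y1; y++)
		std::memcpy(dst.at(x0 + xOff, y + yOff), src.at(x0, y), rowBytes);
	return rowBytes * size_t(y1 - y0);
}

int main() {
	// Constructed sizes: the decoded source is larger than the output surface.
	Surf dst(4, 4, 1), src(6, 6, 1, 0xAA);
	std::printf("%zu bytes copied\n", clippedBlit(dst, src, 2, 2));
	return 0;
}
```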