[Scummvm-tracker] [ScummVM :: Bugs] #12465: AGS: Crash when exiting Mage's Initiation
ScummVM :: Bugs
trac at scummvm.org
Mon Apr 19 23:21:34 UTC 2021
#12465: AGS: Crash when exiting Mage's Initiation
-------------------+-------------------------
Reporter: criezy | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: AGS
Version: | Keywords:
Game: |
-------------------+-------------------------
When we start Mage's Initiation and select the Quit option from the game
menu, ScummVM crashes with a buffer overflow in
{{{
#0 in AGS3::ExecutingScript::init() executingscript.cpp:83
#1 in AGS3::PrepareTextScript(AGS3::ccInstance*, char const**)
script.cpp:314
#2 in AGS3::RunScriptFunctionIfExists(AGS3::ccInstance*, char const*, int,
AGS3::RuntimeScriptValue const*) script.cpp:349
#3 in AGS3::run_claimable_event(char const*, bool, int,
AGS3::RuntimeScriptValue const*, bool*) event.cpp:72
#4 in AGS3::RunTextScript2IParam(AGS3::ccInstance*, char const*,
AGS3::RuntimeScriptValue const&, AGS3::RuntimeScriptValue const&)
script.cpp:435
#5 in AGS3::RunScriptFunction(AGS3::ScriptInstType, char const*, unsigned
long, AGS3::RuntimeScriptValue const&, AGS3::RuntimeScriptValue const&)
script.cpp:265
#6 in AGS3::QueueScriptFunction(AGS3::ScriptInstType, char const*,
unsigned long, AGS3::RuntimeScriptValue const&, AGS3::RuntimeScriptValue
const&) script.cpp:258
#7 in AGS3::run_on_event(int, AGS3::RuntimeScriptValue&) event.cpp:87
#8 in AGS3::gui_on_mouse_down(int, int) gui.cpp:659
#9 in AGS3::check_mouse_controls() game_run.cpp:227
#10 in AGS3::check_controls() game_run.cpp:507
#11 in AGS3::game_loop_check_controls(bool) game_run.cpp:554
#12 in AGS3::UpdateGameOnce(bool,
AGS3::AGS::Engine::IDriverDependantBitmap*, int, int) game_run.cpp:727
#13 in AGS3::GameTick() game_run.cpp:865
#14 in AGS3::RunGameUntilAborted() game_run.cpp:956
}}}
The issue is that in PrepareTextScript it starts using more scripts than
are allocated in the Globals::_scripts array
{{{
_G(scripts)[_G(num_scripts)].init();
_G(scripts)[_G(num_scripts)].inst = sci;
...
_G(num_scripts)++;
}}}
In the original it never uses more than one script at a time on this title
screen. In ScummVM that is also the case until we click on Quit, and then
it starts using more and more scripts until it crashes.
--
Ticket URL: <https://bugs.scummvm.org/ticket/12465>
ScummVM :: Bugs <https://bugs.scummvm.org>
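The report quotes an indexed write into a fixed-size array with nothing guarding the index, and a caller that keeps incrementing it. The following is an added example, not ScummVM or AGS code: a minimal model of that array showing the unchecked write beside a bounds-checked version, and the difference between scripts that are prepared and released in pairs and scripts that are only ever prepared. The capacity (10), the ccInstance stub and every name in it are assumptions made for illustration.

```cpp
// Added example, not ScummVM or AGS code: a minimal model of the fixed-size
// script array the ticket describes. Capacity (10), the ccInstance stub and
// all names below are assumptions for illustration.
#include <cstddef>
#include <cstdio>

namespace model {

constexpr std::size_t kMaxScriptsAtOnce = 10;   // assumed array size

struct ccInstance { int id; };                  // stand-in for the real type

struct ExecutingScript {
    ccInstance *inst = nullptr;
    void init() { inst = nullptr; }
};

struct Globals {
    ExecutingScript scripts[kMaxScriptsAtOnce];
    std::size_t num_scripts = 0;
};

// The pattern quoted in the ticket: the index is trusted, so the 11th
// concurrent script writes past the end of the array. Shown, never called here.
void prepare_unchecked(Globals &g, ccInstance *sci) {
    g.scripts[g.num_scripts].init();            // out of bounds once num_scripts >= capacity
    g.scripts[g.num_scripts].inst = sci;
    g.num_scripts++;
}

// Bounds-checked variant: the check comes before the write, and the caller
// is told about the failure instead of memory being corrupted.
bool prepare_checked(Globals &g, ccInstance *sci) {
    if (g.num_scripts >= kMaxScriptsAtOnce)
        return false;
    g.scripts[g.num_scripts].init();
    g.scripts[g.num_scripts].inst = sci;
    g.num_scripts++;
    return true;
}

// The release that every accepted prepare must be paired with once the script finishes.
void release(Globals &g) {
    if (g.num_scripts > 0)
        g.num_scripts--;
}

// Scripts that are prepared but never released (the ticket's "more and more
// scripts" symptom): returns how many of `calls` the checked variant accepted.
std::size_t leaked_accepted(std::size_t calls) {
    Globals g;
    ccInstance sci{1};
    std::size_t accepted = 0;
    for (std::size_t i = 0; i < calls; ++i)
        if (prepare_checked(g, &sci))
            ++accepted;
    return accepted;
}

// Properly paired prepare/release: the depth never exceeds 1, whatever `calls` is.
std::size_t balanced_max_depth(std::size_t calls) {
    Globals g;
    ccInstance sci{1};
    std::size_t max_depth = 0;
    for (std::size_t i = 0; i < calls; ++i) {
        if (!prepare_checked(g, &sci))
            return max_depth;                   // reaching this would mean a leak
        if (g.num_scripts > max_depth)
            max_depth = g.num_scripts;
        release(g);
    }
    return max_depth;
}

} // namespace model

int main() {
    std::printf("leaked: accepted %zu of 25 calls\n", model::leaked_accepted(25));
    std::printf("balanced: max depth %zu over 25 calls\n", model::balanced_max_depth(25));
    return 0;
}
```

Two points the model makes concrete: the guard has to sit before the write, not after the increment, or the last slot is still overrun; and a capacity check only turns the crash into a clean failure. The growth itself comes from prepares that are not matched by releases, which is the part of the report that still needs a root cause. Building with -fsanitize=address turns the unchecked write into an immediate report with a stack like the one above.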