[Scummvm-tracker] [ScummVM :: Bugs] #12776: SCUMM: Use after free error in DOTT intro

[ScummVM :: Bugs]

#12776: SCUMM: Use after free error in DOTT intro
-------------------+----------------------------------
Reporter:  criezy  |       Owner:  (none)
    Type:  defect  |      Status:  new
Priority:  normal  |   Component:  Engine: SCUMM
 Version:          |  Resolution:
Keywords:          |        Game:  Day of the Tentacle
-------------------+----------------------------------
Comment (by criezy):

 Replying to [comment:4 eriktorbjorn]:
 > Would it help if _sysExDelay was updated before the call to
 sysExNoDelay(), or is there code that depends on it not being updated
 until after?

 This might be difficult to do since `_sysExDelay` is set using the value
 returned by `sysExNoDelay()`.

 And that would not be sufficient to fix the issue. The use-after-free
 issue would be fixed for `_sysExDelay`, but another one would occur in
 `onTimer()` after it returns from the `processEvent()` call. That one
 could probably easily be fixed by returning false in `processEvent() for
 that case.

 Maybe one way to fix it would be to change the code so that
 `sysExNoDelay()` returns a special value (such as `(uint)-1`) that
 indicates we do not want to update the `_sysExDelay` variable and should
 return false.

 But I am grasping at straws here as I am unfamiliar with the MIDI code and
 don't know what the implications of each change would be.
-- 
Ticket URL: <https://bugs.scummvm.org/ticket/12776#comment:5>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM