[Scummvm-tracker] [ScummVM :: Bugs] #12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture
ScummVM :: Bugs
trac at scummvm.org
Tue Sep 7 19:54:27 UTC 2021
#12856: SUPERNOVA: Buffer overflow when speaking to NPC in Palace of Culture
-------------------------+-------------------------------------------------
Reporter: criezy | Owner: criezy
Type: defect | Status: pending
Priority: normal | Component: Engine: Supernova
Version: | Resolution: assigned
Keywords: | Game: Mission Supernova Teil 2: Der
| Doppelgänger
-------------------------+-------------------------------------------------
Changes (by criezy):
* owner: (none) => criezy
* status: new => pending
* resolution: => assigned
Comment:
This one was a bug in the original:
{{{
static char *dial_kp1[4] =
{
"Ich bin's, Horst Hummel!",
"Schönes Wetter heute!",
"Können Sie mir sagen, von wem ich eine Eintrittskarte"
"für den Musikwettbewerb kriegen kann?"
};
static char dialz_kp1[3] = {1,1,2};
}}}
This is the dialog options. The second array indicate that there are three
options, the first one use one row each, and the second one uses 2 rows.
The first array should contain those four rows of text, but because of a
missing coma only contains three rows of text.
The original still specify the array as having 4 elements, but in ScummVM
we changed it to 3 elements and we get the buffer overflow when it tries
to access the 4rth.
The `kStringTellTicket` string should be split into two strings to
properly fix the issue. The buffer overflow itself can be fixed by
changing the second array to specify only one row for the last option. In
English the text actually fit on one row (but just barely). However in
german it is truncated.
The same original bug (missing coma) also happened in another place, but
there our code was already changed to specify a single row. However it is
also missing another sentence... So we have a different bug (and still a
buffer overflow). That other issue is with the `dialBoss2` array in
`Elevator2::jobDescription()`.
--
Ticket URL: <https://bugs.scummvm.org/ticket/12856#comment:2>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM
More information about the Scummvm-tracker
mailing list