[Scummvm-tracker] [ScummVM :: Bugs] #13935: SCUMM: FT: drawCharV7() buffer-overflow during ending credits (ASAN)
ScummVM :: Bugs
trac at scummvm.org
Thu Nov 17 20:24:55 UTC 2022
#13935: SCUMM: FT: drawCharV7() buffer-overflow during ending credits (ASAN)
--------------------------+------------------------------
Reporter: dwatteau | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: SCUMM
Version: | Keywords: ASAN, drawCharV7
Game: Full Throttle |
--------------------------+------------------------------
ASAN (clang++ 14) detected this when the text scrolls during the ending
credits to Full Throttle (Git HEAD build). Impacted char was a `\x8a`,
which is an "è".
{{{
...
SUMMARY: AddressSanitizer: heap-buffer-overflow charset.cpp:2024 in
Scumm::CharsetRendererV7::drawCharV7(unsigned char*, Common::Rect&, int,
int, int, short, Scumm::TextStyleFlags, unsigned char)
frame #5: 0x00000001002d101b
scummvm`Scumm::CharsetRendererV7::drawCharV7(this=0x000060e000083ec0,
buffer="##############################################################################################################",
clipRect=0x000063200001330e, x=134, y=0, pitch=320, col=146,
flags=kStyleAlignCenter, chr='\x8a') at charset.cpp:2024:10
2021 for (int dx = x; dx < x + _origWidth; ++dx) {
2022 byte color = (bits >> (8 - bpp)) & 0xFF;
2023 if (color && dx >= 0 && dx < x + width && y >= 0)
-> 2024 *dst = cmap[color];
2025 dst++;
2026 bits <<= bpp;
2027 numbits -= bpp;
...
}}}
Full trace attached below. I've tried having a look at it myself, but
couldn't figure out the issue.
Nothing urgent!
--
Ticket URL: <https://bugs.scummvm.org/ticket/13935>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM
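The inner loop in the trace guards the write with `dx >= 0 && dx < x + width && y >= 0` only, so nothing at that point compares the destination against the surface's right edge or last row. As an added illustration (not ScummVM's code, and not a claim about this ticket's root cause), here is a minimal 1-bpp glyph blit that checks every pixel write against both the clip rectangle and the destination surface, followed by a constructed scenario: pitch 320 is taken from the trace, while the 4-row surface, the solid 8x8 glyph and its position are made up.

```c
#include <stddef.h>
#include <string.h>
#include <stdbool.h>
typedef unsigned char byte;
/* Destination: one byte per pixel, `height` rows of `pitch` bytes. */
typedef struct { byte *pixels; int pitch; int height; } Surface;
/* Clip rectangle, half-open: [left, right) x [top, bottom). */
typedef struct { int left, top, right, bottom; } Clip;
/* Blit an 8-pixel-wide, 1-bpp glyph (one byte per row, MSB first) at (x, y).
 * Every write is checked against the clip rect AND the surface bounds, so a
 * glyph overhanging the right edge or the last row is clipped rather than
 * written past the end of the buffer. Returns how many set pixels were dropped. */
int blit_glyph_clipped(Surface *s, const Clip *c, int x, int y,
                       const byte *glyph, int glyphHeight, byte color) {
    int clipped = 0;
    for (int row = 0; row < glyphHeight; ++row) {
        int dy = y + row;
        byte bits = glyph[row];
        for (int dx = x; dx < x + 8; ++dx, bits <<= 1) {
            if (!(bits & 0x80)) continue;                 /* transparent pixel */
            bool inClip = dx >= c->left && dx < c->right &&
                          dy >= c->top && dy < c->bottom;
            bool inSurf = dx >= 0 && dx < s->pitch && dy >= 0 && dy < s->height;
            if (inClip && inSurf)
                s->pixels[(size_t)dy * s->pitch + dx] = color;
            else
                clipped++;
        }
    }
    return clipped;
}
/* Constructed scenario: pitch 320 as in the trace, but only 4 rows (made up),
 * with a solid 8x8 glyph at x = 316, y = 2 so it overhangs the right edge and
 * the bottom. Returns the clipped count; *writtenOut receives pixels written. */
enum { DEMO_PITCH = 320, DEMO_HEIGHT = 4 };
int demo_run(int *writtenOut) {
    byte pixels[DEMO_PITCH * DEMO_HEIGHT];
    memset(pixels, 0, sizeof pixels);
    Surface s = { pixels, DEMO_PITCH, DEMO_HEIGHT };
    Clip c = { 0, 0, DEMO_PITCH, DEMO_HEIGHT };
    byte solid[8] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
    int clipped = blit_glyph_clipped(&s, &c, 316, 2, solid, 8, 146);
    int written = 0;
    for (size_t i = 0; i < sizeof pixels; ++i) written += pixels[i] == 146;
    if (writtenOut) *writtenOut = written;
    return clipped;
}
int demo_clipped_pixels(void) { return demo_run(NULL); }
int demo_written_pixels(void) { int w = 0; demo_run(&w); return w; }
```

Of the glyph's 64 pixels, only the 4x2 block that lies inside the surface is written; the 56 others are dropped instead of landing past row 3 or beyond pitch.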