[Scummvm-tracker] [ScummVM :: Bugs] #14503: MM: XEEN: crash in carnage hand animation
ScummVM :: Bugs
trac at scummvm.org
Sat Jun 10 04:54:00 UTC 2023
#14503: MM: XEEN: crash in carnage hand animation
--------------------+---------------------------------------------
Reporter: yarolig | Owner: (none)
Type: defect | Status: new
Priority: high | Component: Engine: MM: Xeen
Version: | Resolution:
Keywords: | Game: Might and Magic: World of Xeen
--------------------+---------------------------------------------
Comment (by PushmePullyu):
Tested on Linux x86_64 with master
!5a75fd3963d7698fa7bdd8f14f05dbcf897ca3d8, GOG version of World of Xeen:
I can reproduce the crash using the provided save.
It seems there are several cases where
"SpriteResource::load(Common::SeekableReadStream&)" loads incorrect values
into "_index[i].offset1" and "offset2". At least I assume so since some
offsets are larger than "_filesize".
Those I observed so far happen with "xeenpic.dat" and "049.att". "count"
also seems wrong for these.
The other files (all?) have the high octet of "count" as 0, so maybe it is
actually just 8 bits?
An incorrect "count" also causes attempts to read from the stream after
EOS was reached, but this is never checked. This means that some of the
offsets are uninitialized.
{{{
xeenpic.dat:
size: 53
count: 1032
_index[0]._offset1: 1025
_index[0]._offset2: 268
049.att:
size: 5526
count: 7777
_index[0]._offset1: 8480
_index[0]._offset2: 21402
}}}
--
Ticket URL: <https://bugs.scummvm.org/ticket/14503#comment:4>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM
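
A defensive version of the index read described in the comment above, as an added example that is not ScummVM's code and not part of the ticket: it rejects a header whose count or offsets cannot fit in the file instead of reading past the end of the stream. The layout (a 16-bit little-endian count followed by pairs of 16-bit offsets) and the names parseSpriteIndex and makeSample are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Stand-in for one sprite index entry; field names follow the ticket.
struct IndexEntry { uint16_t offset1, offset2; };

static uint16_t readU16LE(const std::vector<uint8_t> &b, size_t pos) {
    return static_cast<uint16_t>(b[pos] | (b[pos + 1] << 8));
}

// Assumed layout: u16 count, then `count` pairs of u16 offsets, little-endian.
// Returns false and leaves `out` empty when the header cannot be valid for a
// file of this size, so no entry is ever left uninitialized.
bool parseSpriteIndex(const std::vector<uint8_t> &file, std::vector<IndexEntry> &out) {
    out.clear();
    if (file.size() < 2)
        return false;                           // no room for count
    const size_t count = readU16LE(file, 0);
    if (2 + count * 4 > file.size())            // at most 262142, cannot overflow
        return false;                           // index would run past end of stream
    std::vector<IndexEntry> index;
    for (size_t i = 0; i < count; ++i) {
        IndexEntry e{readU16LE(file, 2 + i * 4), readU16LE(file, 4 + i * 4)};
        if (e.offset1 >= file.size() || e.offset2 >= file.size())
            return false;                       // offset points outside the file
        index.push_back(e);
    }
    out.swap(index);
    return true;
}

// Constructed sample: `size` zero bytes starting with count and entry 0's offsets.
std::vector<uint8_t> makeSample(size_t size, uint16_t count, uint16_t off1, uint16_t off2) {
    std::vector<uint8_t> f(size, 0);
    const uint16_t words[3] = {count, off1, off2};
    for (size_t i = 0; i < 3 && i * 2 + 1 < size; ++i) {
        f[i * 2] = static_cast<uint8_t>(words[i] & 0xff);
        f[i * 2 + 1] = static_cast<uint8_t>(words[i] >> 8);
    }
    return f;
}

int main() {
    std::vector<IndexEntry> idx;                // values below are those in the ticket
    bool a = parseSpriteIndex(makeSample(53, 1032, 1025, 268), idx);      // xeenpic.dat
    bool b = parseSpriteIndex(makeSample(5526, 7777, 8480, 21402), idx);  // 049.att
    return (a || b) ? 1 : 0;                    // both are rejected, so exit status 0
}
```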