[Scummvm-tracker] [ScummVM :: Bugs] #6356: AGOS: Simon1 Crash in Dwarf Cave
ScummVM :: Bugs
trac at scummvm.org
Tue Nov 5 19:52:00 UTC 2024
#6356: AGOS: Simon1 Crash in Dwarf Cave
------------------------+-----------------------------------
Reporter: SF/pbholmen | Owner: Kirben
Type: defect | Status: new
Priority: high | Component: Engine: AGOS
Version: | Resolution:
Keywords: | Game: Simon the Sorcerer 1
------------------------+-----------------------------------
Comment (by bluegr):
The crash occurs here, when loading:
    void AGOSEngine::vc48_setPathFinder() {
        uint16 a = (uint16)_variableArrayPtr[12];
        const uint16 *p = _pathFindArray[a - 1];
In this case, a is 6, but _pathFindArray only has 5 elements, so it goes
out of bounds, reads null and crashes.
I can fix the issue with this workaround, but is it a good way of fixing
this issue?
diff --git a/engines/agos/vga_s1.cpp b/engines/agos/vga_s1.cpp
index 9e4ea8e6b89..13a5e3d1765 100644
--- a/engines/agos/vga_s1.cpp
+++ b/engines/agos/vga_s1.cpp
@@ -179,6 +179,11 @@ void AGOSEngine::vc47_addToVar() {
void AGOSEngine::vc48_setPathFinder() {
uint16 a = (uint16)_variableArrayPtr[12];
+ if (!_pathFindArray[a - 1]) {
+ warning("Invalid path, attempting to correct");
+ a = 1;
+ }
+
const uint16 *p = _pathFindArray[a - 1];
uint b = (uint16)_variableArray[13];
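Review bot: in vc48_setPathFinder(), the added test `!_pathFindArray[a - 1]` indexes the array with the same unvalidated `a` that caused the crash, so a value past the end of the array's storage is still read before it can be rejected, and `a == 0` yields index -1. Check the range first (`a` at least 1 and no larger than the number of slots in `_pathFindArray`), and only then test the slot for null. Resetting `a = 1` also assumes `_pathFindArray[0]` is itself non-null and silently substitutes a different path from the one requested; if the fallback stays, print the rejected value of `a` in the warning so whatever set `_variableArrayPtr[12]` can be traced.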
i.e. it picks the first element in the list if the pointer is out of
bounds.
--
Ticket URL: <https://bugs.scummvm.org/ticket/6356#comment:6>
ScummVM :: Bugs <https://bugs.scummvm.org>
ScummVM