[Scummvm-tracker] [ScummVM :: Bugs] #15887: TOLTECS: drawGuiTextMulti() heap buffer-overflow with demo
ScummVM :: Bugs
trac at scummvm.org
Mon Apr 21 22:08:15 UTC 2025
#15887: TOLTECS: drawGuiTextMulti() heap buffer-overflow with demo
---------------------+--------------------------------------
Reporter: dwatteau | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: Toltecs
Version: | Resolution:
Keywords: | Game: 3 Skulls of the Toltecs
---------------------+--------------------------------------
Comment (by dwatteau):
Small bit of debugger context:
{{{
(lldb) frame select 5
frame #5: 0x00000001004f8f64
scummvm`Toltecs::Screen::drawGuiTextMulti(this=0x0000618000106080,
textData="\n\f\xa0") at screen.cpp:524:7
521
522 // Really strange stuff.
523 for (int i = 30; i >= 0; i--) {
-> 524 if (textData[i] >= 0xF0)
525 break;
526 if (i == 0)
527 return;
(lldb) p i
(int) 30
(lldb) x/32c textData
0x62a000071f43: \n\f\xa0\0VIEW DEMO\xff\n\f\xe0\x01PLAY DEMO\xff\0\0\0\0
}}}
--
Ticket URL: <https://bugs.scummvm.org/ticket/15887#comment:1>
ScummVM :: Bugs <https://bugs.scummvm.org>
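Added illustration, not part of the ticket and not ScummVM's code: the backwards scan from `screen.cpp:523` shown above always starts at index 30, so one way to keep it inside the allocation is to clamp the start to the bytes that actually remain. The helper `findMarkerBounded` and its `remaining` parameter are hypothetical, and the sample reuses the first 28 bytes of the lldb dump on the assumption that the buffer ends after the final `\xff` (the ticket does not state the allocation size).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Constructed sample: the first 28 bytes of the lldb dump in the ticket.
// ASSUMPTION: the allocation ends right after the last 0xFF.
static const uint8_t kSample[] = {
    '\n', '\f', 0xA0, 0x00, 'V', 'I', 'E', 'W', ' ', 'D', 'E', 'M', 'O', 0xFF,
    '\n', '\f', 0xE0, 0x01, 'P', 'L', 'A', 'Y', ' ', 'D', 'E', 'M', 'O', 0xFF
};
static const size_t kSampleLen = sizeof(kSample);

// Hypothetical helper: same search as the loop in the ticket (walk backwards
// from offset 30 looking for a byte >= 0xF0), but the starting offset is
// clamped to the number of bytes left in the buffer.
// Returns the index of the marker byte, or -1 when none is found, which is
// the case where the original loop reaches i == 0 and returns.
int findMarkerBounded(const uint8_t *textData, size_t remaining) {
    if (textData == nullptr || remaining == 0)
        return -1;

    // Never start past the last valid byte.
    int start = remaining > 30 ? 30 : static_cast<int>(remaining) - 1;

    for (int i = start; i >= 0; i--) {
        if (textData[i] >= 0xF0)
            return i;
    }
    return -1;
}

int main() {
    // With 28 bytes available the scan starts at index 27, not 30.
    std::printf("marker index: %d\n", findMarkerBounded(kSample, kSampleLen));
    // Only the first 13 bytes ("\n\f\xa0\0VIEW DEMO") hold no marker byte.
    std::printf("short buffer: %d\n", findMarkerBounded(kSample, 13));
    return 0;
}
```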