[Scummvm-tracker] [ScummVM :: Bugs] #15901: KYRA: SoundTownsPC98_v2::playTrack() heap buffer-overflow (ASan)
ScummVM :: Bugs
trac at scummvm.org
Fri Apr 25 11:52:08 UTC 2025
#15901: KYRA: SoundTownsPC98_v2::playTrack() heap buffer-overflow (ASan)
---------------------+---------------------------
Reporter: dwatteau | Owner: (none)
Type: defect | Status: new
Priority: normal | Component: Engine: Kyra
Version: | Resolution:
Keywords: | Game: Kyrandia 2
---------------------+---------------------------
Comment (by dwatteau):
A bit more stuff from the debugger at that stage:
{{{
(lldb) frame select 6
frame #6: 0x0000000100cd7912 scummvm`Kyra::SoundTownsPC98_v2::playTrack(this=0x000060d000099600, track='\x02') at sound_pc98_v2.cpp:130:24
127 int trackNum = -1;
128 if (_vm->gameFlags().platform == Common::kPlatformFMTowns) {
129 for (uint i = 0; i < res()->cdaTableSize; i++) {
-> 130 if (track == (uint8)READ_LE_UINT16(&res()->cdaTable[i * 2])) {
131 trackNum = (int)READ_LE_UINT16(&res()->cdaTable[i * 2 + 1]) - 1;
132 break;
133 }
(lldb) p *res()
(const Kyra::SoundResourceInfo_TownsPC98V2) {
fileList = 0x0000000000000000
fileListSize = 0
pattern = 0x0000000101a1ee40 "intro%d.twn"
cdaTable = 0x000060300024cfa0
cdaTableSize = 12
}
(lldb) p res()->cdaTableSize
(const uint) 12
(lldb) p i
(uint) 6
}}}
And in `SoundTownsPC98_v2::init()`, I do reach the part where
`_musicEnabled` is set to `2`.
--
Ticket URL: <https://bugs.scummvm.org/ticket/15901#comment:1>
ScummVM :: Bugs <https://bugs.scummvm.org>
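Added illustration, not ScummVM's code and not the fix for this ticket. One reading consistent with the values in the trace (cdaTableSize = 12, the overflow reached at i = 6 while the loop indexes cdaTable[i * 2] and cdaTable[i * 2 + 1]) is that the table holds 12 uint16 elements, i.e. 6 pairs, while the loop runs i up to the element count, so the first out-of-range element (index 12) is touched exactly at i = 6. The example models such a table with hypothetical names and a constructed sample, validates the element count once, and bounds the lookup loop by the pair count rather than the element count.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Added illustration, not ScummVM code. The CDA table is modelled as a run
 * of little-endian uint16 values laid out as {game track id, CD track}
 * pairs, so a table of N elements holds N/2 pairs. Names are hypothetical. */

/* Constructed sample: 12 uint16 elements = 6 pairs, stored as raw bytes. */
#define SAMPLE_TABLE_ELEMS 12u
static const uint8_t kSampleTable[SAMPLE_TABLE_ELEMS * 2] = {
    0x01, 0x00,  0x05, 0x00,   /* id 1 -> CD track 5 */
    0x02, 0x00,  0x07, 0x00,   /* id 2 -> CD track 7 */
    0x03, 0x00,  0x08, 0x00,   /* id 3 -> CD track 8 */
    0x04, 0x00,  0x09, 0x00,   /* id 4 -> CD track 9 */
    0x05, 0x00,  0x0a, 0x00,   /* id 5 -> CD track 10 */
    0x06, 0x00,  0x0b, 0x00,   /* id 6 -> CD track 11 */
};

/* Little-endian 16-bit read, the same job as READ_LE_UINT16 in the trace. */
static uint16_t read_le_u16(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* True when pair 'i' (elements 2i and 2i+1) lies inside a table of
 * 'elems' uint16 elements. With elems = 12 this holds for i <= 5 and
 * fails from i = 6 on, the iteration the ASan trace stops at. */
bool cda_pair_in_bounds(size_t i, size_t elems) {
    return i < elems / 2;
}

/* Rejects tables that cannot be a whole number of pairs; a caller would
 * run this once when the resource is loaded, not on every lookup. */
bool cda_table_valid(size_t elems) {
    return elems != 0 && (elems % 2) == 0;
}

/* Looks up 'track' and returns the zero-based CD track, or -1 when absent.
 * The loop is bounded by the pair count, so element 2i+1 never exceeds
 * elems-1 and no read leaves the table. */
int cda_lookup(const uint8_t *table, size_t elems, uint8_t track) {
    if (!cda_table_valid(elems))
        return -1;
    for (size_t i = 0; cda_pair_in_bounds(i, elems); i++) {
        uint16_t id = read_le_u16(table + 2 * (2 * i));
        if ((uint8_t)id == track)
            return (int)read_le_u16(table + 2 * (2 * i + 1)) - 1;
    }
    return -1;
}
```

With the sample table, `cda_lookup(kSampleTable, SAMPLE_TABLE_ELEMS, 2)` yields 6 (CD track 7, zero-based), a missing id yields -1, and `cda_pair_in_bounds(6, 12)` is false, which is the iteration that would have stepped past a 12-element table. Whether cdaTableSize in the real engine counts elements or pairs is exactly what the ticket needs to establish; the example only shows how the bound and the stride must agree.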