diff options
| author | Travis Howell | 2006-05-04 06:18:19 +0000 |
|---|---|---|
| committer | Travis Howell | 2006-05-04 06:18:19 +0000 |
| commit | 0b4bbef76283e688c76399dc5bc0193b0b07e7cb (patch) | |
| tree | 21e029e9bb670fca39416624fb7c732a37181a65 | |
| parent | 0c8b0d9a9d759d5247cbc2f61b3a5ce86cfaadea (diff) | |
| download | scummvm-rg350-0b4bbef76283e688c76399dc5bc0193b0b07e7cb.tar.gz scummvm-rg350-0b4bbef76283e688c76399dc5bc0193b0b07e7cb.tar.bz2 scummvm-rg350-0b4bbef76283e688c76399dc5bc0193b0b07e7cb.zip | |
Don't read beyond imageCount, when looking for image
svn-id: r22330
| -rw-r--r-- | engines/simon/simon.cpp | 19 | ||||
| -rw-r--r-- | engines/simon/vga.cpp | 16 |
2 files changed, 27 insertions, 8 deletions
diff --git a/engines/simon/simon.cpp b/engines/simon/simon.cpp index 4066929a89..37670217e8 100644 --- a/engines/simon/simon.cpp +++ b/engines/simon/simon.cpp @@ -1414,7 +1414,7 @@ void SimonEngine::set_video_mode_internal(uint16 mode, uint16 vga_res_id) { uint num, num_lines; VgaPointersEntry *vpe; byte *bb, *b; - // uint16 count; + uint16 count; const byte *vc_ptr_org; _windowNum = mode; @@ -1454,18 +1454,27 @@ void SimonEngine::set_video_mode_internal(uint16 mode, uint16 vga_res_id) { if (getGameType() == GType_FF) { b = bb + READ_LE_UINT16(&((VgaFileHeader_Feeble *) bb)->hdr2_start); - //count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount); + count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount); b = bb + READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageTable); - while (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) != vga_res_id) + while (count--) { + if (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == vga_res_id) + break; b += sizeof(ImageHeader_Feeble); + } + assert(READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == vga_res_id); + } else { b = bb + READ_BE_UINT16(&((VgaFileHeader_Simon *) bb)->hdr2_start); - //count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount); + count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount); b = bb + READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageTable); - while (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) != vga_res_id) + while (count--) { + if (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == vga_res_id) + break; b += sizeof(ImageHeader_Simon); + } + assert(READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == vga_res_id); } if (getGameType() == GType_SIMON1) { diff --git a/engines/simon/vga.cpp b/engines/simon/vga.cpp index cf9e7789a6..9e85f7ae48 100644 --- a/engines/simon/vga.cpp +++ b/engines/simon/vga.cpp @@ -297,7 +297,7 @@ void SimonEngine::vc1_fadeOut() { void SimonEngine::vc2_call() { VgaPointersEntry *vpe; - uint16 num, res; + uint16 count, num, res; byte *old_file_1, *old_file_2; byte *b, *bb; const byte *vc_ptr_org; @@ -326,16 +326,26 @@ void SimonEngine::vc2_call() { bb = _curVgaFile1; if (getGameType() == GType_FF) { b = bb + READ_LE_UINT16(&((VgaFileHeader_Feeble *) bb)->hdr2_start); + count = READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageCount); b = bb + READ_LE_UINT16(&((VgaFileHeader2_Feeble *) b)->imageTable); - while (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) != num) + while (count--) { + if (READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == num) + break; b += sizeof(ImageHeader_Feeble); + } + assert(READ_LE_UINT16(&((ImageHeader_Feeble *) b)->id) == num); } else { b = bb + READ_BE_UINT16(&((VgaFileHeader_Simon *) bb)->hdr2_start); + count = READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageCount); b = bb + READ_BE_UINT16(&((VgaFileHeader2_Simon *) b)->imageTable); - while (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) != num) + while (count--) { + if (READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == num) + break; b += sizeof(ImageHeader_Simon); + } + assert(READ_BE_UINT16(&((ImageHeader_Simon *) b)->id) == num); } vc_ptr_org = _vcPtr; |