diff options
| author | Colin Snover | 2016-12-10 19:18:34 -0600 |
|---|---|---|
| committer | Colin Snover | 2016-12-10 19:34:19 -0600 |
| commit | 22398e571bf8b4cfb04fcd00ffcef81eeb998d66 (patch) | |
| tree | 4ec8abb21dabdb7b7c22cfe1a862b1caf17dd246 | |
| parent | 8d9ddcfc2ba6801c0738f56dcdd9cabc33da31ef (diff) | |
| download | scummvm-rg350-22398e571bf8b4cfb04fcd00ffcef81eeb998d66.tar.gz scummvm-rg350-22398e571bf8b4cfb04fcd00ffcef81eeb998d66.tar.bz2 scummvm-rg350-22398e571bf8b4cfb04fcd00ffcef81eeb998d66.zip | |
SCI: Fix buffer overflows in GfxPicture circle drawing
Fixes Trac#9660.
| -rw-r--r-- | engines/sci/graphics/picture.cpp | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/engines/sci/graphics/picture.cpp b/engines/sci/graphics/picture.cpp index 75a885da57..864327feaa 100644 --- a/engines/sci/graphics/picture.cpp +++ b/engines/sci/graphics/picture.cpp @@ -1212,6 +1212,7 @@ void GfxPicture::vectorPatternTexturedBox(Common::Rect box, byte color, byte pri void GfxPicture::vectorPatternCircle(Common::Rect box, byte size, byte color, byte prio, byte control) { byte flag = _screen->getDrawingMask(color, prio, control); + assert(size < ARRAYSIZE(vectorPatternCircles)); const byte *circleData = vectorPatternCircles[size]; byte bitmap = *circleData; byte bitNo = 0; @@ -1219,21 +1220,23 @@ void GfxPicture::vectorPatternCircle(Common::Rect box, byte size, byte color, by for (y = box.top; y < box.bottom; y++) { for (x = box.left; x < box.right; x++) { + if (bitNo == 8) { + circleData++; + bitmap = *circleData; + bitNo = 0; + } if (bitmap & 1) { _screen->vectorPutPixel(x, y, flag, color, prio, control); } bitNo++; - if (bitNo == 8) { - circleData++; bitmap = *circleData; bitNo = 0; - } else { - bitmap = bitmap >> 1; - } + bitmap >>= 1; } } } void GfxPicture::vectorPatternTexturedCircle(Common::Rect box, byte size, byte color, byte prio, byte control, byte texture) { byte flag = _screen->getDrawingMask(color, prio, control); + assert(size < ARRAYSIZE(vectorPatternCircles)); const byte *circleData = vectorPatternCircles[size]; byte bitmap = *circleData; byte bitNo = 0; @@ -1242,6 +1245,11 @@ void GfxPicture::vectorPatternTexturedCircle(Common::Rect box, byte size, byte c for (y = box.top; y < box.bottom; y++) { for (x = box.left; x < box.right; x++) { + if (bitNo == 8) { + circleData++; + bitmap = *circleData; + bitNo = 0; + } if (bitmap & 1) { if (*textureData) { _screen->vectorPutPixel(x, y, flag, color, prio, control); @@ -1249,11 +1257,7 @@ void GfxPicture::vectorPatternTexturedCircle(Common::Rect box, byte size, byte c textureData++; } bitNo++; - if (bitNo == 8) { - circleData++; bitmap = *circleData; bitNo = 0; - } else { - bitmap = bitmap >> 1; - } + bitmap >>= 1; } } } |