diff options
| author | Filippos Karapetis | 2019-09-14 20:52:06 +0300 |
|---|---|---|
| committer | Filippos Karapetis | 2019-09-14 20:53:10 +0300 |
| commit | 6accd633b8f98f419ec02233d3dce5acc080a014 (patch) | |
| tree | e8ac872ee5f2ed3b4053d3cada1501ca5d5b9068 | |
| parent | e55e429353264b1b4a592c430a3015ade6b271ed (diff) | |
| download | scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.gz scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.bz2 scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.zip | |
SCI: Add a sanity check when loading vocab 901 (suffixes)
An invalid access error, uncovered by the Span mechanism. Fixes the
QFG2 demo (bug #11147)
| -rw-r--r-- | engines/sci/parser/vocabulary.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp index 483fae277c..387ddef8bf 100644 --- a/engines/sci/parser/vocabulary.cpp +++ b/engines/sci/parser/vocabulary.cpp @@ -231,6 +231,12 @@ bool Vocabulary::loadSuffixes() { // Beginning of next string - skip leading '*' seeker++; + // The QFG2 demo vocab is truncated at the end. Check for such cases here + if (seeker >= resource->size()) { + warning("Vocabulary word from %s is truncated for suffix %d at %u", resource->name().c_str(), _parserSuffixes.size(), seeker); + break; + } + maxSize = resource->size() - seeker; suffix.word_suffix = (const char *)resource->getUnsafeDataAt(seeker, maxSize); suffix.word_suffix_length = Common::strnlen(suffix.word_suffix, maxSize); |