authorLudvig Strigeus2001-11-06 21:29:23 +0000
committerLudvig Strigeus2001-11-06 21:29:23 +0000
commit78413a1c438ac697cd37e444d1c05461cf8d1f0a (patch)
tree3bce2f381c4c9c903b487e19de23acc68c764788
parent90cea864af14a784ef7fe26fbc8a58b911db6230 (diff)
fix in save game loader,
sizeof(an element) * number of elements instead of sizeof(a pointer) fixed it, buffer out of bounds read fixed in Scumm::isMaskActiveAt svn-id: r3466
-rw-r--r--gfx.cpp28
-rw-r--r--object.cpp2
-rw-r--r--resource.cpp5
-rw-r--r--saveload.cpp8
-rw-r--r--script.cpp1
-rw-r--r--scummvm.cpp6
-rw-r--r--windows.cpp8
7 files changed, 37 insertions, 21 deletions
diff --git a/gfx.cpp b/gfx.cpp
index ccf3d377a4..922d472205 100644
--- a/gfx.cpp
+++ b/gfx.cpp
@@ -83,10 +83,10 @@ void Scumm::initVirtScreen(int slot, int top, int height, bool twobufs, bool fou
if (vs->scrollable)
size += 320*4;
- memset(createResource(rtBuffer, slot+1, size),0,size);
+ createResource(rtBuffer, slot+1, size);
if (twobufs) {
- memset(createResource(rtBuffer, slot+5, size),0x23,size);
+ createResource(rtBuffer, slot+5, size);
}
if (slot != 3) {
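Review bot: With the memset calls removed, the buffers for `slot+1` and `slot+5` hold whatever createResource() leaves in them, and nothing in this hunk shows that createResource() clears the allocation. If it does, a one-line comment such as `/* createResource() zero-fills the new block */` above the first call would record that dependency; if it does not, the virtual screen starts out with stale heap contents. The second buffer used to be filled with 0x23 rather than 0, so its initial contents change either way. The same applies to `createResource(rtBuffer, 9, size);` in the initBGBuffers hunk. initVirtScreen's body starts and ends outside the hunk.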
@@ -320,7 +320,7 @@ void Scumm::initBGBuffers() {
itemsize = (_scrHeight + 4) * 40;
size = itemsize * gdi._numZBuffer;
- memset(createResource(rtBuffer, 9, size), 0, size);
+ createResource(rtBuffer, 9, size);
for (i=0; i<4; i++)
gdi._imgBufOffs[i] = i*itemsize;
@@ -1721,23 +1721,25 @@ void Scumm::setCursorHotspot2(int x,int y) {
}
byte Scumm::isMaskActiveAt(int l, int t, int r, int b, byte *mem) {
- int w,h,inc,i;
+ int w,h,i;
- if (l<0 || t<0) {
- l = 0;
- }
+ l>>=3;
+ if (l<0) l = 0;
+ if (t<0) t = 0;
+
+ r>>=3;
+ if (r>39) r=39;
- mem += b*40 + (l>>3);
+ mem += l + t*40;
- w = (r>>3) - (l>>3) + 1;
- inc = w+40;
- h = b-t-1;
+ w = r-l;
+ h = b-t+1;
do {
- for(i=0; i<w; i++)
+ for(i=0; i<=w; i++)
if (mem[i])
return true;
- mem -= 40;
+ mem += 40;
} while (--h);
return false;
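Review bot: The row count `h = b-t+1` is never checked, so when `b < t` the `do … while (--h)` loop starts at zero or below and keeps stepping `mem` forward by 40 far past the mask buffer; the bottom edge `b` is also not clamped the way `r` is clamped to 39. A guard before the pointer arithmetic, `if (b < t || r < l) return false;`, handles the empty rectangle and also covers a negative `r` or an `l` beyond column 39. `b` should additionally be limited to the last row of the buffer, whose height is not visible in this hunk. The function's closing brace lies outside the hunk.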
diff --git a/object.cpp b/object.cpp
index 0595f3389f..70a5c0045a 100644
--- a/object.cpp
+++ b/object.cpp
@@ -85,6 +85,8 @@ int Scumm::getObjectIndex(int object) {
int Scumm::whereIsObject(int object) {
int i;
+ assert(object>=0 && object < _numGlobalObjects);
+
if ((_objectFlagTable[object]&0xF)!=0xF) {
for (i=0; i<_maxInventoryItems; i++)
if (_inventory[i] == object)
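Review bot: The new `assert(object>=0 && object < _numGlobalObjects)` disappears in builds compiled with NDEBUG, so a release build still indexes `_objectFlagTable[object]` with an unchecked value. If `object` can come from script or save-game data, a runtime check that returns the function's existing not-found result is the safer form; the assert can stay next to it for debugging. The same holds for `assert(objptr);` in the getVerbEntrypoint hunk in script.cpp, where `if (objptr == NULL) return 0;` would match the early `return 0;` just above it. That `_objectFlagTable` has `_numGlobalObjects` entries is assumed here and not shown in the hunk; whereIsObject's body continues outside it.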
diff --git a/resource.cpp b/resource.cpp
index c4451073c7..965ce97e3d 100644
--- a/resource.cpp
+++ b/resource.cpp
@@ -706,6 +706,7 @@ void Scumm::expireResources(uint32 size) {
byte flag;
byte best_counter;
int best_type, best_res;
+ uint32 oldAllocatedSize;
if (_expire_counter != 0xFF) {
_expire_counter = 0xFF;
@@ -715,6 +716,8 @@ void Scumm::expireResources(uint32 size) {
if (size + _allocatedSize < _maxHeapThreshold)
return;
+ oldAllocatedSize = _allocatedSize;
+
do {
best_type = 0;
best_counter = 2;
@@ -735,6 +738,8 @@ void Scumm::expireResources(uint32 size) {
break;
nukeResource(best_type, best_res);
} while (size + _allocatedSize > _minHeapThreshold);
+
+ debug(1, "Expired resources, mem %d -> %d", oldAllocatedSize, _allocatedSize);
}
void Scumm::freeResources() {
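Review bot: The added `debug(1, "Expired resources, mem %d -> %d", oldAllocatedSize, _allocatedSize);` prints a `uint32` with `%d`; `oldAllocatedSize` is declared `uint32` in this commit, so `%u` is the matching conversion (`_allocatedSize` is presumably the same type, but its declaration is not in the hunk). The line also runs when the loop leaves through the `break` without nuking anything, in which case both numbers are equal. Putting `if (oldAllocatedSize != _allocatedSize)` in front of it would keep the log to real expirations.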
diff --git a/saveload.cpp b/saveload.cpp
index c4dd27a3b4..db12578cde 100644
--- a/saveload.cpp
+++ b/saveload.cpp
@@ -79,12 +79,12 @@ bool Scumm::loadState(const char *filename) {
CHECK_HEAP
openRoom(-1);
- memset(_inventory, 0, sizeof(_inventory));
+ memset(_inventory, 0, sizeof(_inventory[0])*_numInventory);
/* Nuke all resources */
- for (i=1; i<16; i++)
- if (!(i==13 || i==12 || i==10 || res.mode[i]))
- for(j=1; j<res.num[i]; j++)
+ for (i=1; i<=16; i++)
+ if (!(i==rtFlObject || i==rtTemp || i==rtBuffer || res.mode[i]))
+ for(j=0; j<res.num[i]; j++)
nukeResource(i,j);
initScummVars();
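Review bot: The outer loop now runs to `i<=16`, so `res.mode[16]` and `res.num[16]` are read; the hunk does not show how many entries those arrays have, and if the resource types stop at 15 this is a read one past the end. Since the exclusions were already changed to the `rt…` names, the bound should be the enum's last value or an array-size constant rather than the literal 16, with a short comment saying why index 0 is skipped. The inner loop now starts at `j=0` as well, which assumes nukeResource accepts slot 0 for every type. loadState's body starts and ends outside the hunk.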
diff --git a/script.cpp b/script.cpp
index 06d8d01176..0f26c56e27 100644
--- a/script.cpp
+++ b/script.cpp
@@ -707,6 +707,7 @@ int Scumm::getVerbEntrypoint(int obj, int entry) {
return 0;
objptr = getObjectAddress(obj);
+ assert(objptr);
verbptr = findResource(MKID('VERB'), objptr, 0);
if (verbptr==NULL)
diff --git a/scummvm.cpp b/scummvm.cpp
index 9e0f23b93c..16b789ed96 100644
--- a/scummvm.cpp
+++ b/scummvm.cpp
@@ -29,8 +29,9 @@ void Scumm::initThingsV5() {
_numBitVariables = 2048;
_numLocalObjects = 200;
_numVerbs = 100;
+ _numInventory = 80;
- _inventory = (uint16*)alloc(0x50 * sizeof(uint16));
+ _inventory = (uint16*)alloc(_numInventory * sizeof(uint16));
_verbs = (VerbSlot*)alloc(100 * sizeof(VerbSlot));
_objs = (ObjectData*)alloc(200 * sizeof(ObjectData));
_vars = (int16*)alloc(800 * sizeof(int16));
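Review bot: Only `_inventory` was switched to its count variable; the next two allocations still repeat the literals, `alloc(100 * sizeof(VerbSlot))` and `alloc(200 * sizeof(ObjectData))`, although `_numVerbs = 100` and `_numLocalObjects = 200` are set a few lines above. Writing them as `alloc(_numVerbs * sizeof(VerbSlot))` and, if `_objs` is indeed sized by `_numLocalObjects`, `alloc(_numLocalObjects * sizeof(ObjectData))` keeps each count in one place. A later memset or bounds check built from the variable then cannot drift from the real allocation. initThingsV5's body starts and ends outside the hunk.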
@@ -85,9 +86,6 @@ void Scumm::scummInit() {
initActor(a, 1);
}
-// memset(vm.vars, 0, sizeof(vm.vars));
-// memset(vm.bitvars, 0, sizeof(vm.bitvars));
-
_defaultTalkDelay = 60;
_vars[VAR_CHARINC] = 4;
diff --git a/windows.cpp b/windows.cpp
index bf8e13eb81..8c97bdf3ae 100644
--- a/windows.cpp
+++ b/windows.cpp
@@ -17,6 +17,11 @@
*
* Change Log:
* $Log$
+ * Revision 1.13 2001/11/06 21:29:23 strigeus
+ * fix in save game loader,
+ * sizeof(an element) * number of elements instead of sizeof(a pointer) fixed it,
+ * buffer out of bounds read fixed in Scumm::isMaskActiveAt
+ *
* Revision 1.12 2001/11/06 20:00:47 strigeus
* full screen flag,
* better mouse cursors,
@@ -939,6 +944,9 @@ void initGraphics(Scumm *s, bool fullScreen) {
void drawMouse(Scumm *s, int, int, int, byte*, bool) {
}
+void drawMouse(Scumm *s, int x, int y, int w, int h, byte *buf, bool visible) {
+}
+
void fill_buffer(int16 *buf, int len) {
#if defined(USE_IMUSE)
sound.generate_samples(buf,len);
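Review bot: The new seven-argument `drawMouse` is an empty stub placed directly after the older six-argument stub, and neither says that doing nothing is intended. A comment such as `/* not used by the Windows port: intentionally empty */` (if that is the reason) would help. The old overload can be dropped if no caller still uses that signature, which cannot be checked from this hunk. Leaving the unused parameters unnamed, as the older stub does, avoids unused-parameter warnings.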