authorD G Turner2014-06-02 22:09:53 +0100
committerD G Turner2014-06-02 22:09:53 +0100
commit86b3a075d48eed0e71f0237107449ea6dd64673f (patch)
tree79b165a80553bca16a58b5530daae2d8c39e3f42 /engines/groovie
parent23bfc2f035f9cce8c2e5ef6f78f70b1c4b5e31c7 (diff)
GROOVIE: Add sanity checks and range limits to copyRect opcode param.
This prevents segfault crashes in "The 11th Hour" when you open the Gamebook palmtop from the top of the screen. The opcode needs some work on the changes from 7th Guest, but this will prevent crashes while this is being worked on.
Diffstat (limited to 'engines/groovie')
-rw-r--r--engines/groovie/script.cpp39
1 files changed, 39 insertions, 0 deletions
diff --git a/engines/groovie/script.cpp b/engines/groovie/script.cpp
index 25c421f699..308811635e 100644
--- a/engines/groovie/script.cpp
+++ b/engines/groovie/script.cpp
@@ -1219,6 +1219,45 @@ void Script::o_copyrecttobg() { // 0x37
uint16 top = readScript16bits();
uint16 right = readScript16bits();
uint16 bottom = readScript16bits();
+
+ // Sanity checks to prevent bad pointer access crashes
+ if (left > right) {
+ warning("COPYRECT left:%d > right:%d", left, right);
+ // swap over left and right parameters
+ uint16 j;
+ j = right;
+ right = left;
+ left = j;
+ }
+ if (top > bottom) {
+ warning("COPYRECT top:%d > bottom:%d", top, bottom);
+ // swap over top and bottom parameters
+ uint16 j;
+ j = bottom;
+ bottom = top;
+ top = j;
+ }
+ if (top < 80) {
+ warning("COPYRECT top < 80... clamping");
+ top = 80;
+ }
+ if (top >= 480) {
+ warning("COPYRECT top >= 480... clamping");
+ top = 480 - 1;
+ }
+ if (bottom >= 480) {
+ warning("COPYRECT bottom >= 480... clamping");
+ bottom = 480 - 1;
+ }
+ if (left >= 640) {
+ warning("COPYRECT left >= 640... clamping");
+ left = 640 - 1;
+ }
+ if (right >= 640) {
+ warning("COPYRECT right >= 640... clamping");
+ right = 640 - 1;
+ }
+
uint16 i, width = right - left, height = bottom - top;
uint32 offset = 0;
byte *fg, *bg;
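Review bot: The `top < 80` clamp runs after the top/bottom ordering swap and can re-invert the pair: when the script supplies both `top` and `bottom` below 80, `top` becomes 80 while `bottom` is left unchanged, so `height = bottom - top` on the context line below wraps as `uint16` to a very large row count. Because these values come straight from script data via `readScript16bits()`, that case should be closed in the same block, e.g. add `if (bottom < 80) bottom = 80;` next to the `top` clamp, or `if (bottom < top) bottom = top;` after all the clamps. The left/right clamps do not have this problem, since both sides are limited to the same upper bound after the swap. The body of `o_copyrecttobg()` starts and ends outside the hunk, so how `width` and `height` are consumed is not visible here; presumably they bound the copy loop, which is where an out-of-range access would follow.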