aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSven Hesse2007-07-25 20:36:14 +0000
committerSven Hesse2007-07-25 20:36:14 +0000
commit99a707d89e62ef4a59a58e0e946ae3db9fe804fa (patch)
treebc51be6e9c5512f65aa24e14e0b86a492413b2d5
parentd0780a59549cbbad11ffde3bb165722124c99fa4 (diff)
downloadscummvm-rg350-99a707d89e62ef4a59a58e0e946ae3db9fe804fa.tar.gz
scummvm-rg350-99a707d89e62ef4a59a58e0e946ae3db9fe804fa.tar.bz2
scummvm-rg350-99a707d89e62ef4a59a58e0e946ae3db9fe804fa.zip
Added a few safety checks. Now Woodruff shows the loading image (closely followed by a crash).
svn-id: r28203
-rw-r--r--engines/gob/dataio.h2
-rw-r--r--engines/gob/game.cpp6
-rw-r--r--engines/gob/game.h2
-rw-r--r--engines/gob/game_v2.cpp8
-rw-r--r--engines/gob/inter_v1.cpp8
5 files changed, 21 insertions, 5 deletions
diff --git a/engines/gob/dataio.h b/engines/gob/dataio.h
index 3ea29c0efe..08498a4f7e 100644
--- a/engines/gob/dataio.h
+++ b/engines/gob/dataio.h
@@ -35,7 +35,7 @@ namespace Gob {
#define MAX_FILES 30
#define MAX_DATA_FILES 8
-#define MAX_SLOT_COUNT 4
+#define MAX_SLOT_COUNT 8
class DataIO {
public:
diff --git a/engines/gob/game.cpp b/engines/gob/game.cpp
index 561330deac..a5993fd1de 100644
--- a/engines/gob/game.cpp
+++ b/engines/gob/game.cpp
@@ -663,7 +663,7 @@ int16 Game::openLocTextFile(char *locTextFile, int language) {
return _vm->_dataIO->openData(locTextFile);
}
-byte *Game::loadLocTexts(void) {
+byte *Game::loadLocTexts(int32 *dataSize) {
char locTextFile[20];
int16 handle;
int i;
@@ -689,6 +689,10 @@ byte *Game::loadLocTexts(void) {
if (handle >= 0) {
_vm->_dataIO->closeData(handle);
+
+ if (dataSize)
+ *dataSize = _vm->_dataIO->getDataSize(locTextFile);
+
return _vm->_dataIO->getData(locTextFile);
}
return 0;
diff --git a/engines/gob/game.h b/engines/gob/game.h
index 2181d219f2..0cef993b40 100644
--- a/engines/gob/game.h
+++ b/engines/gob/game.h
@@ -215,7 +215,7 @@ protected:
int16 adjustKey(int16 key);
- byte *loadLocTexts(void);
+ byte *loadLocTexts(int32 *dataSize = 0);
int32 loadTotFile(const char *path);
void loadExtTable(void);
void loadImFile(void);
diff --git a/engines/gob/game_v2.cpp b/engines/gob/game_v2.cpp
index 245c1f4544..d5c237c974 100644
--- a/engines/gob/game_v2.cpp
+++ b/engines/gob/game_v2.cpp
@@ -134,12 +134,16 @@ void Game_v2::playTot(int16 skipPlay) {
totTextLoc = false;
if (READ_LE_UINT32(filePtr) != (uint32) -1) {
_totTextData = new TotTextTable;
+
+ int32 size;
+
if (READ_LE_UINT32(filePtr) == 0) {
- _totTextData->dataPtr = loadLocTexts();
+ _totTextData->dataPtr = loadLocTexts(&size);
totTextLoc = true;
} else {
_totTextData->dataPtr =
(_totFileData + READ_LE_UINT32(_totFileData + 0x30));
+ size = totSize;
_vm->_global->_language = _vm->_global->_languageWanted;
}
@@ -147,7 +151,7 @@ void Game_v2::playTot(int16 skipPlay) {
if (_totTextData->dataPtr != 0) {
Common::MemoryReadStream totTextData(_totTextData->dataPtr,
4294967295U);
- _totTextData->itemsCount = totTextData.readSint16LE();
+ _totTextData->itemsCount = MIN<int32>(totTextData.readSint16LE(), (size - 2) / 4);
_totTextData->items = new TotTextItem[_totTextData->itemsCount];
for (int i = 0; i < _totTextData->itemsCount; ++i) {
diff --git a/engines/gob/inter_v1.cpp b/engines/gob/inter_v1.cpp
index 0339cb7f44..bc7eb2ea11 100644
--- a/engines/gob/inter_v1.cpp
+++ b/engines/gob/inter_v1.cpp
@@ -1174,6 +1174,10 @@ bool Inter_v1::o1_loadCursor(OpFuncParams &params) {
id = load16();
index = (int8) *_vm->_global->_inter_execPtr++;
+
+ if ((index * _vm->_draw->_cursorWidth) >= _vm->_draw->_cursorSprites->getWidth())
+ return false;
+
itemPtr = &_vm->_game->_totResourceTable->items[id];
offset = itemPtr->offset;
@@ -1896,6 +1900,10 @@ bool Inter_v1::o1_fillRect(OpFuncParams &params) {
_vm->_draw->_spriteBottom = _vm->_parse->parseValExpr();
_vm->_draw->_backColor = _vm->_parse->parseValExpr();
+
+ if (!_vm->_draw->_spritesArray[_vm->_draw->_destSurface])
+ return false;
+
_vm->_draw->spriteOperation(DRAW_FILLRECT);
return false;
}