Increased _numNewNames from 50 to 100 to prevent overflow in MI2 endgame.

This should fix bug #936323. (There are still some game versions that use
50, but that can be fixed later, if the need arises.)

svn-id: r13598

2 files changed, 9 insertions, 2 deletions

diff --git a/scumm/resource.cpp b/scumm/resource.cpp
index 4dbd1ff6af..d204df526d 100644
--- a/scumm/resource.cpp
+++ b/scumm/resource.cpp
@@ -2111,7 +2111,8 @@ void ScummEngine::readMAXS() {
 		_numLocalObjects = _fileHandle.readUint16LE();   // 200
 		_numArray = 50;
 		_numVerbs = 100;
-		_numNewNames = 50;
+		// Used to be 50, which wasn't enough for MI2. See bug #936323.
+		_numNewNames = 100;
 		_objectRoomTable = NULL;
 
 		_fileHandle.readUint16LE();                      // 50
diff --git a/scumm/saveload.cpp b/scumm/saveload.cpp
index cea086a5b6..51a090b87a 100644
--- a/scumm/saveload.cpp
+++ b/scumm/saveload.cpp
@@ -823,7 +823,13 @@ void ScummEngine::saveLoadResource(Serializer *ser, int type, int idx) {
 					_inventory[idx] = ser->loadUint16();
 				}
 				if (type == rtObjectName && ser->getVersion() >= VER(25)) {
-					_newNames[idx] = ser->loadUint16();
+					// Paranoia: We increased the possible number of new names
+					// for MI2 to fix bug #936323. The savegame format didn't
+					// change, but at least during the transition period there
+					// is a slight chance that we try to load more names than
+					// we have allocated space for. If so, discard them.
+					if (idx < _numNewNames)
+						_newNames[idx] = ser->loadUint16();
 				}
 			}
 		}