HOPKINS: Enlarge _lockedAnims array to avoid potential out of bound access. CID 1004012

3 files changed, 5 insertions, 4 deletions

diff --git a/engines/hopkins/graphics.cpp b/engines/hopkins/graphics.cpp
index f978a5803f..c2c8b426e6 100644
--- a/engines/hopkins/graphics.cpp
+++ b/engines/hopkins/graphics.cpp
@@ -1012,7 +1012,7 @@ void GraphicsManager::endDisplayBob() {
 			_vm->_objectsMan->resetBob(idx);
 	}
 
-	for (int idx = 1; idx <= 29; ++idx) {
+	for (int idx = 1; idx < 36; ++idx) {
 		_vm->_objectsMan->_lockedAnims[idx]._enableFl = false;
 	}
 
diff --git a/engines/hopkins/objects.cpp b/engines/hopkins/objects.cpp
index 320a95ed33..b6b36c72f6 100644
--- a/engines/hopkins/objects.cpp
+++ b/engines/hopkins/objects.cpp
@@ -41,12 +41,13 @@ ObjectsManager::ObjectsManager(HopkinsEngine *vm) {
 	for (int i = 0; i < 6; ++i)
 		Common::fill((byte *)&_sprite[i], (byte *)&_sprite[i] + sizeof(SpriteItem), 0);
 
-	for (int i = 0; i < 36; ++i)
+	for (int i = 0; i < 36; ++i) {
 		Common::fill((byte *)&_bob[i], (byte *)&_bob[i] + sizeof(BobItem), 0);
+		Common::fill((byte *)&_lockedAnims[i], (byte *)&_lockedAnims[i] + sizeof(LockAnimItem), 0);
+	}
 
 	for (int i = 0; i < 30; ++i) {
 		Common::fill((byte *)&_vBob[i], (byte *)&_vBob[i] + sizeof(VBobItem), 0);
-		Common::fill((byte *)&_lockedAnims[i], (byte *)&_lockedAnims[i] + sizeof(LockAnimItem), 0);
 	}
 
 	for (int i = 0; i < 300; ++i)
diff --git a/engines/hopkins/objects.h b/engines/hopkins/objects.h
index a5e309344b..5f1f5b1f59 100644
--- a/engines/hopkins/objects.h
+++ b/engines/hopkins/objects.h
@@ -239,7 +239,7 @@ public:
 	byte *_headSprites;
 	SpriteItem _sprite[6];
 	BobItem _bob[36];
-	LockAnimItem _lockedAnims[30];
+	LockAnimItem _lockedAnims[36];
 	bool _charactersEnabledFl;
 	bool _refreshBobMode10Fl;