aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEugene Sandulenko2016-05-16 10:47:33 +0200
committerEugene Sandulenko2016-05-16 16:56:57 +0200
commitc341738ab89a54a067749025f7c59b8c83b05b86 (patch)
tree519cbbe0b3158a16e135fbb59cc4e3fb7c130f75
parentdd1838a3cbffa59f536f81536689fd2d87b672f4 (diff)
downloadscummvm-rg350-c341738ab89a54a067749025f7c59b8c83b05b86.tar.gz
scummvm-rg350-c341738ab89a54a067749025f7c59b8c83b05b86.tar.bz2
scummvm-rg350-c341738ab89a54a067749025f7c59b8c83b05b86.zip
SAGA: Fix potential buffer overrun.
If we have _statusTextInputPos as 256, we're doing incrementing to 257 and storing 0 there. This will lead to memory overwrite.
-rw-r--r--engines/saga/interface.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/engines/saga/interface.cpp b/engines/saga/interface.cpp
index cb09d53762..c16650ddf1 100644
--- a/engines/saga/interface.cpp
+++ b/engines/saga/interface.cpp
@@ -1170,7 +1170,7 @@ void Interface::processStatusTextInput(Common::KeyState keystate) {
_statusTextInputPos--;
_statusTextInputString[_statusTextInputPos] = 0;
default:
- if (_statusTextInputPos >= STATUS_TEXT_INPUT_MAX) {
+ if (_statusTextInputPos > STATUS_TEXT_INPUT_MAX) {
break;
}
if (Common::isAlnum(keystate.ascii) || (keystate.ascii == ' ')) {