author | Colin Snover | 2017-11-17 19:17:01 -0600 |
---|---|---|
committer | Eugene Sandulenko | 2017-11-18 22:35:12 +0100 |
commit | d0efcb7ad54fab6c9192ef099c400fc217644493 (patch) | |
tree | a6e152dff05a197b35e465754ab959a710f086d9 | |
parent | 8808817d56d37a66eb6a590715035076fcc14ade (diff) | |
FULLPIPE: Fix use-after-free in ModalMainMenu
Pointers to objects which are invalidated when the scene gets
unloaded may continue to be accessed if a mouse hover event is
dispatched to the ModalMainMenu.
-rw-r--r-- | engines/fullpipe/modal.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/engines/fullpipe/modal.cpp b/engines/fullpipe/modal.cpp
index a513cd405c..e3d0ee0fe1 100644
--- a/engines/fullpipe/modal.cpp
+++ b/engines/fullpipe/modal.cpp
@@ -1338,6 +1338,9 @@ bool ModalMainMenu::handleMessage(ExCommand *message) {
 if (message->_messageKind != 17)
 return false;
+ if (!_scene)
+ return false;
+
 Common::Point point;
 if (message->_messageNum == 29) {
@@ -1412,6 +1415,7 @@ bool ModalMainMenu::init(int counterdiff) {
 case PIC_MNU_DEBUG_L:
 g_fp->_gameLoader->unloadScene(SC_MAINMENU);
+ _scene = nullptr;
 g_fp->_sceneRect = _screct;
 if (!g_fp->_currentScene)
@@ -1427,6 +1431,7 @@ bool ModalMainMenu::init(int counterdiff) {
 case PIC_MNU_CONTINUE_L:
 if (!_mfield_34) {
 g_fp->_gameLoader->unloadScene(SC_MAINMENU);
+ _scene = nullptr;
 g_fp->_sceneRect = _screct;
 if (g_fp->_currentScene) {
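Review bot: The new `if (!_scene) return false;` guard in `handleMessage` carries a lifetime invariant that is written down nowhere in the code, so a later cleanup could remove it as a redundant null check. A comment above it would keep the reason visible, for example `// _scene is reset in init() once SC_MAINMENU is unloaded; events arriving after that must not touch scene-owned objects`. The guard covers only this entry point. The rest of `handleMessage` and the other methods of `ModalMainMenu` are outside the hunk, so it is worth confirming that none of them can run after the unload and dereference `_scene` or objects obtained from it.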
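Review bot: The pairing of `unloadScene(SC_MAINMENU)` with `_scene = nullptr;` is repeated by hand in the `PIC_MNU_DEBUG_L` branch and again in the `PIC_MNU_CONTINUE_L` branch of `init` (third hunk). Any other path that unloads the menu scene without the reset would bring the dangling pointer back. Moving both statements into one small private helper would keep the unload and the reset together. The commit message speaks of pointers in the plural, but only `_scene` is cleared here, so members that cache objects owned by the scene, if there are any, stay stale and are protected only indirectly by the guard in `handleMessage`. Both `case` bodies continue outside their hunks, so other uses of the unloaded scene further down cannot be ruled out from this view.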