SCI: Add a sanity check when loading vocab 901 (suffixes)

An invalid access error, uncovered by the Span mechanism. Fixes the QFG2 demo (bug #11147)
author: Filippos Karapetis 2019-09-14 20:52:06 +0300
committer: Filippos Karapetis 2019-09-14 20:53:10 +0300
commit: 6accd633b8f98f419ec02233d3dce5acc080a014 (patch)
tree: e8ac872ee5f2ed3b4053d3cada1501ca5d5b9068 /engines/sci/parser
parent: e55e429353264b1b4a592c430a3015ade6b271ed (diff)
download: scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.gz
scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.bz2
scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp
index 483fae277c..387ddef8bf 100644
--- a/engines/sci/parser/vocabulary.cpp
+++ b/engines/sci/parser/vocabulary.cpp
@@ -231,6 +231,12 @@ bool Vocabulary::loadSuffixes() {
 		// Beginning of next string - skip leading '*'
 		seeker++;
 
+		// The QFG2 demo vocab is truncated at the end. Check for such cases here
+		if (seeker >= resource->size()) {
+			warning("Vocabulary word from %s is truncated for suffix %d at %u", resource->name().c_str(), _parserSuffixes.size(), seeker);
+			break;
+		}
+
 		maxSize = resource->size() - seeker;
 		suffix.word_suffix = (const char *)resource->getUnsafeDataAt(seeker, maxSize);
 		suffix.word_suffix_length = Common::strnlen(suffix.word_suffix, maxSize);
author	Filippos Karapetis	2019-09-14 20:52:06 +0300
committer	Filippos Karapetis	2019-09-14 20:53:10 +0300
commit	6accd633b8f98f419ec02233d3dce5acc080a014 (patch)
tree	e8ac872ee5f2ed3b4053d3cada1501ca5d5b9068 /engines/sci/parser
parent	e55e429353264b1b4a592c430a3015ade6b271ed (diff)
download	scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.gz scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.bz2 scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.zip