aboutsummaryrefslogtreecommitdiff
path: root/engines/sci/parser
diff options
context:
space:
mode:
authorFilippos Karapetis2019-09-14 20:52:06 +0300
committerFilippos Karapetis2019-09-14 20:53:10 +0300
commit6accd633b8f98f419ec02233d3dce5acc080a014 (patch)
treee8ac872ee5f2ed3b4053d3cada1501ca5d5b9068 /engines/sci/parser
parente55e429353264b1b4a592c430a3015ade6b271ed (diff)
downloadscummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.gz
scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.tar.bz2
scummvm-rg350-6accd633b8f98f419ec02233d3dce5acc080a014.zip
SCI: Add a sanity check when loading vocab 901 (suffixes)
An invalid access error, uncovered by the Span mechanism. Fixes the QFG2 demo (bug #11147)
Diffstat (limited to 'engines/sci/parser')
-rw-r--r--engines/sci/parser/vocabulary.cpp6
1 files changed, 6 insertions, 0 deletions
diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp
index 483fae277c..387ddef8bf 100644
--- a/engines/sci/parser/vocabulary.cpp
+++ b/engines/sci/parser/vocabulary.cpp
@@ -231,6 +231,12 @@ bool Vocabulary::loadSuffixes() {
// Beginning of next string - skip leading '*'
seeker++;
+ // The QFG2 demo vocab is truncated at the end. Check for such cases here
+ if (seeker >= resource->size()) {
+ warning("Vocabulary word from %s is truncated for suffix %d at %u", resource->name().c_str(), _parserSuffixes.size(), seeker);
+ break;
+ }
+
maxSize = resource->size() - seeker;
suffix.word_suffix = (const char *)resource->getUnsafeDataAt(seeker, maxSize);
suffix.word_suffix_length = Common::strnlen(suffix.word_suffix, maxSize);