author | Martin Kiewitz | 2009-10-30 10:06:35 +0000 |
---|---|---|
committer | Martin Kiewitz | 2009-10-30 10:06:35 +0000 |
commit | 0c2ab7182966b1897413e145fe80b95fca454edc (patch) | |
tree | a834818d174f188b20b53462e7c70a2a60245470 /engines/sci | |
parent | 4009f6836ba4aacc8630d88938b9ace1874ed972 (diff) | |
SCI: kStrAt / dont do call, when offset exceeds maxSize. fixes crash in kq5
svn-id: r45530
Diffstat (limited to 'engines/sci')
-rw-r--r-- | engines/sci/engine/kstring.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/engines/sci/engine/kstring.cpp b/engines/sci/engine/kstring.cpp
index 8e4f72631b..db218f5097 100644
--- a/engines/sci/engine/kstring.cpp
+++ b/engines/sci/engine/kstring.cpp
@@ -309,8 +309,11 @@ reg_t kStrAt(EngineState *s, int argc, reg_t *argv) {
 newvalue = argv[2].toSint16();
 if (dest_r.isRaw) {
- // FIXME: in kq5 this here gets called with offset = 0xFFFF, we should implement maxSize check in here
- // i dont know the exact behaviour, so i dont know how to do this correctly
+ // in kq5 this here gets called with offset 0xFFFF
+ if ((int)offset > dest_r.maxSize) {
+ warning("kStrAt offset %X exceeds maxSize", offset);
+ return s->r_acc;
+ }
 value = dest_r.raw[offset];
 if (argc > 2) /* Request to modify this char */
 dest_r.raw[offset] = newvalue; |
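Review bot: The new guard `if ((int)offset > dest_r.maxSize)` still lets `offset == maxSize` through, so, assuming `maxSize` is the byte count of the raw buffer (the hunk does not show its definition), both the read `dest_r.raw[offset]` and the write `dest_r.raw[offset] = newvalue` can touch one byte past the end; the comparison should be `if ((int)offset >= dest_r.maxSize) {`. The `(int)` cast also deserves a look: the declaration of `offset` is outside the hunk, and if it is a signed type a negative script-supplied value would pass the check, so an explicit `offset < 0` test or an unsigned comparison would be safer. kStrAt starts before and continues after this hunk, so the non-raw branch is not covered by this note.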