SCUMM: Use correct array size when calling initializeLocals()

The initializeLocals() function assumes that it can copy 25
elements when being provided an array of values. But this array
was frequently a lot smaller than that. I've introduced a constant
for the number of locals (though VirtualMachineState has one more
for some reason), and fixed the array sizes in a number of places.

CID 1003951, 1003952, 1003953, 1003955, 1003956, 1003959, 1003960,
1003961, 1003963, 100394, 1003965

4 files changed, 24 insertions, 21 deletions

diff --git a/engines/scumm/script.cpp b/engines/scumm/script.cpp
index 8587fb8092..59dfc229f2 100644
--- a/engines/scumm/script.cpp
+++ b/engines/scumm/script.cpp
@@ -138,10 +138,10 @@ void ScummEngine::runObjectScript(int object, int entry, bool freezeResistant, b
 void ScummEngine::initializeLocals(int slot, int *vars) {
 	int i;
 	if (!vars) {
-		for (i = 0; i < 25; i++)
+		for (i = 0; i < NUM_SCRIPT_LOCALS; i++)
 			vm.localvar[slot][i] = 0;
 	} else {
-		for (i = 0; i < 25; i++)
+		for (i = 0; i < NUM_SCRIPT_LOCALS; i++)
 			vm.localvar[slot][i] = vars[i];
 	}
 }
@@ -755,7 +755,7 @@ void ScummEngine::stopObjectCode() {
 }
 
 void ScummEngine::runInventoryScript(int i) {
-	int args[24];
+	int args[NUM_SCRIPT_LOCALS];
 	memset(args, 0, sizeof(args));
 	args[0] = i;
 	if (VAR(VAR_INVENTORY_SCRIPT)) {
@@ -1060,7 +1060,7 @@ void ScummEngine::doSentence(int verb, int objectA, int objectB) {
 
 void ScummEngine::checkAndRunSentenceScript() {
 	int i;
-	int localParamList[24];
+	int localParamList[NUM_SCRIPT_LOCALS];
 	const ScriptSlot *ss;
 	int sentenceScript;
 
@@ -1308,7 +1308,7 @@ void ScummEngine_v0::runSentenceScript() {
 }
 
 void ScummEngine_v2::runInputScript(int clickArea, int val, int mode) {
-	int args[24];
+	int args[NUM_SCRIPT_LOCALS];
 	int verbScript;
 
 	verbScript = 4;
@@ -1332,7 +1332,7 @@ void ScummEngine_v2::runInputScript(int clickArea, int val, int mode) {
 }
 
 void ScummEngine::runInputScript(int clickArea, int val, int mode) {
-	int args[24];
+	int args[NUM_SCRIPT_LOCALS];
 	int verbScript;
 
 	verbScript = VAR(VAR_VERB_SCRIPT);
@@ -1490,7 +1490,7 @@ void ScummEngine::beginCutscene(int *args) {
 
 void ScummEngine::endCutscene() {
 	ScriptSlot *ss = &vm.slot[_currentScript];
-	int args[16];
+	int args[NUM_SCRIPT_LOCALS];
 
 	if (ss->cutsceneOverride > 0)	// Only terminate if active
 		ss->cutsceneOverride--;
diff --git a/engines/scumm/script.h b/engines/scumm/script.h
index 7b2c625144..dd7368c196 100644
--- a/engines/scumm/script.h
+++ b/engines/scumm/script.h
@@ -66,13 +66,15 @@ struct OpcodeEntry : Common::NonCopyable {
 
 /**
  * The number of script slots, which determines the maximal number
- * of concurrently running scripts.
- * WARNING: Do NOT changes this value unless you really have to, as
+ * of concurrently running scripts, and the number of local variables
+ * in a script.
+ * WARNING: Do NOT changes these values unless you really have to, as
  * this will break savegame compatibility if done carelessly. If you
- * have to change it, make sure you update saveload.cpp accordingly!
+ * have to change them, make sure you update saveload.cpp accordingly!
  */
 enum {
-	NUM_SCRIPT_SLOT = 80
+	NUM_SCRIPT_SLOT = 80,
+	NUM_SCRIPT_LOCALS = 25
 };
 
 /* Script status type (slot.status) */
@@ -122,7 +124,8 @@ struct VirtualMachineState {
 	int16 cutSceneScriptIndex;
 	byte cutSceneStackPointer;
 	ScriptSlot slot[NUM_SCRIPT_SLOT];
-	int32 localvar[NUM_SCRIPT_SLOT][26];
+	// Why does localvar have space for one extra local variable?
+	int32 localvar[NUM_SCRIPT_SLOT][NUM_SCRIPT_LOCALS + 1];
 
 	NestedScript nest[kMaxScriptNesting];
 	byte numNestedScripts;
diff --git a/engines/scumm/script_v5.cpp b/engines/scumm/script_v5.cpp
index 0bf51a2816..0d3c2c9107 100644
--- a/engines/scumm/script_v5.cpp
+++ b/engines/scumm/script_v5.cpp
@@ -630,7 +630,7 @@ void ScummEngine_v5::o5_breakHere() {
 }
 
 void ScummEngine_v5::o5_chainScript() {
-	int vars[16];
+	int vars[NUM_SCRIPT_LOCALS];
 	int script;
 	int cur;
 
@@ -663,7 +663,7 @@ void ScummEngine_v5::o5_chainScript() {
 
 void ScummEngine_v5::o5_cursorCommand() {
 	int i, j, k;
-	int table[16];
+	int table[NUM_SCRIPT_LOCALS];
 	switch ((_opcode = fetchScriptByte()) & 0x1F) {
 	case 1:			// SO_CURSOR_ON
 		_cursor.state = 1;
@@ -736,7 +736,7 @@ void ScummEngine_v5::o5_cursorCommand() {
 }
 
 void ScummEngine_v5::o5_cutscene() {
-	int args[16];
+	int args[NUM_SCRIPT_LOCALS];
 	getWordVararg(args);
 	beginCutscene(args);
 }
@@ -2083,14 +2083,14 @@ void ScummEngine_v5::o5_isSoundRunning() {
 }
 
 void ScummEngine_v5::o5_soundKludge() {
-	int items[16];
+	int items[NUM_SCRIPT_LOCALS];
 	int num = getWordVararg(items);
 	_sound->soundKludge(items, num);
 }
 
 void ScummEngine_v5::o5_startObject() {
 	int obj, script;
-	int data[16];
+	int data[NUM_SCRIPT_LOCALS];
 
 	obj = getVarOrDirectWord(PARAM_1);
 	script = getVarOrDirectByte(PARAM_2);
@@ -2101,7 +2101,7 @@ void ScummEngine_v5::o5_startObject() {
 
 void ScummEngine_v5::o5_startScript() {
 	int op, script;
-	int data[16];
+	int data[NUM_SCRIPT_LOCALS];
 
 	op = _opcode;
 	script = getVarOrDirectByte(PARAM_1);
@@ -2556,7 +2556,7 @@ void ScummEngine_v5::o5_walkActorToObject() {
 int ScummEngine_v5::getWordVararg(int *ptr) {
 	int i;
 
-	for (i = 0; i < 16; i++)
+	for (i = 0; i < NUM_SCRIPT_LOCALS; i++)
 		ptr[i] = 0;
 
 	i = 0;
diff --git a/engines/scumm/scumm.cpp b/engines/scumm/scumm.cpp
index 3afeeda13d..ee459c07f5 100644
--- a/engines/scumm/scumm.cpp
+++ b/engines/scumm/scumm.cpp
@@ -2124,7 +2124,7 @@ load_game:
 
 		// HACK as in game save stuff isn't supported currently
 		if (_game.id == GID_LOOM) {
-			int args[16];
+			int args[NUM_SCRIPT_LOCALS];
 			uint var;
 			memset(args, 0, sizeof(args));
 			args[0] = 2;
@@ -2512,7 +2512,7 @@ void ScummEngine::restart() {
 }
 
 void ScummEngine::runBootscript() {
-	int args[16];
+	int args[NUM_SCRIPT_LOCALS];
 	memset(args, 0, sizeof(args));
 	args[0] = _bootParam;
 	if (_game.id == GID_MANIAC && (_game.features & GF_DEMO))