TITANIC: Fix access after free in filterConcepts loop

author: Paul Gilbert 2017-07-18 22:44:55 -0400
committer: Paul Gilbert 2017-07-18 22:44:55 -0400
commit: 559e6dafe1ea9c57dddca65d8e16e94ba88a4c40 (patch)
tree: fd73e1fe1dbdc8ff7a72e8add1e4ad26305fb119 /engines/titanic
parent: 60de2718bddeb1c14b3ec031d3a9fcc931bd38a3 (diff)
download: scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.tar.gz
scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.tar.bz2
scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/engines/titanic/true_talk/tt_parser.cpp b/engines/titanic/true_talk/tt_parser.cpp
index 2893c50a8d..adf008767f 100644
--- a/engines/titanic/true_talk/tt_parser.cpp
+++ b/engines/titanic/true_talk/tt_parser.cpp
@@ -1609,7 +1609,9 @@ bool TTparser::checkConcept2(TTconcept *concept, int conceptMode) {
 int TTparser::filterConcepts(int conceptMode, int conceptIndex) {
 	int result = 0;
 
-	for (TTconcept *currP = _conceptP; currP && !result; currP = currP->_nextP) {
+	for (TTconcept *nextP, *currP = _conceptP; currP && !result; currP = nextP) {
+		nextP = currP->_nextP;
+
 		if (checkConcept2(currP, conceptMode)) {
 			TTconcept **ptrPP = _sentenceConcept->setConcept(conceptIndex, currP);
 			TTconcept *newConcept = new TTconcept(*currP);
author	Paul Gilbert	2017-07-18 22:44:55 -0400
committer	Paul Gilbert	2017-07-18 22:44:55 -0400
commit	559e6dafe1ea9c57dddca65d8e16e94ba88a4c40 (patch)
tree	fd73e1fe1dbdc8ff7a72e8add1e4ad26305fb119 /engines/titanic
parent	60de2718bddeb1c14b3ec031d3a9fcc931bd38a3 (diff)
download	scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.tar.gz scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.tar.bz2 scummvm-rg350-559e6dafe1ea9c57dddca65d8e16e94ba88a4c40.zip