authorStrangerke2013-10-25 08:10:38 +0200
committerStrangerke2013-10-25 08:10:38 +0200
commit7dc1ea9ada597146b96ee1bf4c26a105767d30e1 (patch)
treebbe1e6f776026a671b4687ba16cd354cda1109e1 /engines
parent8677f9aa3c689364fd1ca546520e07e65d742d71 (diff)
AVALANCHE: Fix out of bounds reads (CID 1109653-1109655)
Diffstat (limited to 'engines')
-rw-r--r--engines/avalanche/avalot.cpp2
-rw-r--r--engines/avalanche/dialogs.cpp2
-rw-r--r--engines/avalanche/menu.cpp6
3 files changed, 7 insertions, 3 deletions
diff --git a/engines/avalanche/avalot.cpp b/engines/avalanche/avalot.cpp
index 9d65ed7484..b1bbf4ff09 100644
--- a/engines/avalanche/avalot.cpp
+++ b/engines/avalanche/avalot.cpp
@@ -1676,7 +1676,7 @@ void AvalancheEngine::flipRoom(Room room, byte ped) {
if (_room == kRoomLustiesRoom)
_enterCatacombsFromLustiesRoom = true;
- if (_room > kRoomMap)
+ if (room > kRoomMap)
return;
enterRoom(room, ped);
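Review bot: The corrected guard `if (room > kRoomMap) return;` still sits after the state write visible just above it (`_enterCatacombsFromLustiesRoom = true;`), so a call with an out-of-range `room` returns silently with part of the room switch already applied. Validating `room` before any member is touched, and reporting the rejected value (for example with `warning()`), would make a bad room id visible instead of dropping it. A short comment such as `// Reject room ids past kRoomMap before enterRoom() uses them` would also record why the bound is there. flipRoom starts and continues outside the hunk, so the earlier statements may constrain where the check can move.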
diff --git a/engines/avalanche/dialogs.cpp b/engines/avalanche/dialogs.cpp
index 8770e08d60..66d5be29b9 100644
--- a/engines/avalanche/dialogs.cpp
+++ b/engines/avalanche/dialogs.cpp
@@ -689,6 +689,7 @@ void Dialogs::displayText(Common::String text) {
if (_param == 0)
setBubbleStateNatural();
else if ((1 <= _param) && (_param <= 9)) {
+ assert(_param - 1 < _vm->_animation->kSpriteNumbMax);
AnimationType *spr = _vm->_animation->_sprites[_param - 1];
if ((_param > _vm->_animation->kSpriteNumbMax) || (!spr->_quick)) { // Not valid.
_vm->errorLed();
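Review bot: The added `assert(_param - 1 < _vm->_animation->kSpriteNumbMax);` is the only check in front of the read of `_sprites[_param - 1]` on the next line, and an assert is compiled out in builds that define NDEBUG. The existing runtime test `_param > _vm->_animation->kSpriteNumbMax` already routes bad values to the "Not valid" path, but it runs after the array has been indexed. Evaluating that test first, and reading `_sprites[_param - 1]` only when it passes, would make the bound hold in every build. The same assert-only guard is used in the quasi-ped hunk that follows (`assert(_param - 10 < 16);`). The branch continues outside the hunk, so the full error path is not visible here.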
@@ -699,6 +700,7 @@ void Dialogs::displayText(Common::String text) {
// Quasi-peds. (This routine performs the same
// thing with QPs as triptype.chatter does with the
// sprites.)
+ assert(_param - 10 < 16);
PedType *quasiPed = &_vm->_peds[kQuasipeds[_param - 10]._whichPed];
_talkX = quasiPed->_x;
_talkY = quasiPed->_y; // Position.
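Review bot: The literal `16` in `assert(_param - 10 < 16);` restates the size of `kQuasipeds` by hand, so the check goes stale if the table ever changes. Deriving it from the array, e.g. `assert(_param - 10 < ARRAYSIZE(kQuasipeds));`, keeps the two in step, assuming kQuasipeds is a plain array visible in this file. The lookup on the following line also indexes `_vm->_peds` with `kQuasipeds[_param - 10]._whichPed`, a table value that nothing in the hunk range-checks. The condition that bounds `_param` from below for this branch is outside the hunk.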
diff --git a/engines/avalanche/menu.cpp b/engines/avalanche/menu.cpp
index bba8e862a9..a3b61b4af1 100644
--- a/engines/avalanche/menu.cpp
+++ b/engines/avalanche/menu.cpp
@@ -782,10 +782,12 @@ byte Menu::getNameChar(People whose) {
static const char ladChar[] = "ASCDMTRwLfgeIyPu";
static const char lassChar[] = "kG\0xB1o";
- if (whose < kPeopleArkata)
+ if (whose <= kPeopleJacques)
return ladChar[whose - kPeopleAvalot];
- else
+ else if ((whose >= kPeopleArkata) && (whose <= kPeopleWisewoman))
return lassChar[whose - kPeopleArkata];
+ else
+ error("getName() - Unexpected character id %d", (byte) whose);
}
Common::String Menu::getThing(byte which) {
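Review bot: The first branch, `if (whose <= kPeopleJacques)`, has no lower bound, so unless kPeopleAvalot is the smallest People value (not shown here) a smaller `whose` still reaches `ladChar[whose - kPeopleAvalot]` with a negative index. Writing it as `if ((whose >= kPeopleAvalot) && (whose <= kPeopleJacques))` would send those values to the new `error()` branch, like the gap between the two ranges. Separately, the context line `static const char lassChar[] = "kG\0xB1o";` looks like a typo for `"kG\xB1o"`. As written the third element is a NUL followed by the characters `xB1`, so indices 2 and 3 would yield `'\0'` and `'x'`. The error text also names `getName()` although the function is `getNameChar()`.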