diff options
author | Cameron Cawley | 2019-12-15 23:29:40 +0000 |
---|---|---|
committer | Paul Gilbert | 2019-12-16 20:01:39 -0800 |
commit | 897e2f363c94a10077b64d70ba19de2cd43ce1fa (patch) | |
tree | d7c7dd003fdc56c304c2990779bb5db510dfe584 /engines | |
parent | 85383256c264aa0075cfdfb350582aeb21e318cc (diff) | |
download | scummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.tar.gz scummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.tar.bz2 scummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.zip |
GLK: LEVEL9: Fix crash in detection code
Diffstat (limited to 'engines')
-rw-r--r-- | engines/glk/level9/detection.cpp | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/engines/glk/level9/detection.cpp b/engines/glk/level9/detection.cpp index fef1baec46..bd1ea06a3b 100644 --- a/engines/glk/level9/detection.cpp +++ b/engines/glk/level9/detection.cpp @@ -64,8 +64,6 @@ const L9V1GameInfo &Scanner::v1Game() const { } long Scanner::scan(byte *startFile, uint32 size) { - byte *Chk = (byte *)malloc(size + 1); - byte *Image = (byte *)calloc(size, 1); uint32 i, num, Size, MaxSize = 0; int j; uint16 d0 = 0, l9, md, ml, dd, dl; @@ -73,6 +71,12 @@ long Scanner::scan(byte *startFile, uint32 size) { long offset = -1; bool JumpKill, DriverV4; + if (size < 33) + return -1; + + byte *Chk = (byte *)malloc(size + 1); + byte *Image = (byte *)calloc(size, 1); + if ((Chk == nullptr) || (Image == nullptr)) { error("Unable to allocate memory for game scan! Exiting..."); } @@ -128,8 +132,6 @@ long Scanner::scan(byte *startFile, uint32 size) { } long Scanner::ScanV2(byte *startFile, uint32 size) { - byte *Chk = (byte *)malloc(size + 1); - byte *Image = (byte *)calloc(size, 1); uint32 i, Size, MaxSize = 0, num; int j; uint16 d0 = 0, l9; @@ -137,6 +139,12 @@ long Scanner::ScanV2(byte *startFile, uint32 size) { long offset = -1; bool JumpKill; + if (size < 28) + return -1; + + byte *Chk = (byte *)malloc(size + 1); + byte *Image = (byte *)calloc(size, 1); + if ((Chk == nullptr) || (Image == nullptr)) { error("Unable to allocate memory for game scan! Exiting..."); } @@ -179,7 +187,6 @@ long Scanner::ScanV2(byte *startFile, uint32 size) { } long Scanner::ScanV1(byte *startFile, uint32 size) { - byte *Image = (byte *)calloc(size, 1); uint32 i, Size; int Replace; byte *ImagePtr; @@ -191,6 +198,10 @@ long Scanner::ScanV1(byte *startFile, uint32 size) { int dictOff1 = 0, dictOff2 = 0; byte dictVal1 = 0xff, dictVal2 = 0xff; + if (size < 20) + return -1; + + byte *Image = (byte *)calloc(size, 1); if (Image == nullptr) { error("Unable to allocate memory for game scan! Exiting..."); } |