aboutsummaryrefslogtreecommitdiff
path: root/engines
diff options
context:
space:
mode:
authorCameron Cawley2019-12-15 23:29:40 +0000
committerPaul Gilbert2019-12-16 20:01:39 -0800
commit897e2f363c94a10077b64d70ba19de2cd43ce1fa (patch)
treed7c7dd003fdc56c304c2990779bb5db510dfe584 /engines
parent85383256c264aa0075cfdfb350582aeb21e318cc (diff)
downloadscummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.tar.gz
scummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.tar.bz2
scummvm-rg350-897e2f363c94a10077b64d70ba19de2cd43ce1fa.zip
GLK: LEVEL9: Fix crash in detection code
Diffstat (limited to 'engines')
-rw-r--r--engines/glk/level9/detection.cpp21
1 files changed, 16 insertions, 5 deletions
diff --git a/engines/glk/level9/detection.cpp b/engines/glk/level9/detection.cpp
index fef1baec46..bd1ea06a3b 100644
--- a/engines/glk/level9/detection.cpp
+++ b/engines/glk/level9/detection.cpp
@@ -64,8 +64,6 @@ const L9V1GameInfo &Scanner::v1Game() const {
}
long Scanner::scan(byte *startFile, uint32 size) {
- byte *Chk = (byte *)malloc(size + 1);
- byte *Image = (byte *)calloc(size, 1);
uint32 i, num, Size, MaxSize = 0;
int j;
uint16 d0 = 0, l9, md, ml, dd, dl;
@@ -73,6 +71,12 @@ long Scanner::scan(byte *startFile, uint32 size) {
long offset = -1;
bool JumpKill, DriverV4;
+ if (size < 33)
+ return -1;
+
+ byte *Chk = (byte *)malloc(size + 1);
+ byte *Image = (byte *)calloc(size, 1);
+
if ((Chk == nullptr) || (Image == nullptr)) {
error("Unable to allocate memory for game scan! Exiting...");
}
@@ -128,8 +132,6 @@ long Scanner::scan(byte *startFile, uint32 size) {
}
long Scanner::ScanV2(byte *startFile, uint32 size) {
- byte *Chk = (byte *)malloc(size + 1);
- byte *Image = (byte *)calloc(size, 1);
uint32 i, Size, MaxSize = 0, num;
int j;
uint16 d0 = 0, l9;
@@ -137,6 +139,12 @@ long Scanner::ScanV2(byte *startFile, uint32 size) {
long offset = -1;
bool JumpKill;
+ if (size < 28)
+ return -1;
+
+ byte *Chk = (byte *)malloc(size + 1);
+ byte *Image = (byte *)calloc(size, 1);
+
if ((Chk == nullptr) || (Image == nullptr)) {
error("Unable to allocate memory for game scan! Exiting...");
}
@@ -179,7 +187,6 @@ long Scanner::ScanV2(byte *startFile, uint32 size) {
}
long Scanner::ScanV1(byte *startFile, uint32 size) {
- byte *Image = (byte *)calloc(size, 1);
uint32 i, Size;
int Replace;
byte *ImagePtr;
@@ -191,6 +198,10 @@ long Scanner::ScanV1(byte *startFile, uint32 size) {
int dictOff1 = 0, dictOff2 = 0;
byte dictVal1 = 0xff, dictVal2 = 0xff;
+ if (size < 20)
+ return -1;
+
+ byte *Image = (byte *)calloc(size, 1);
if (Image == nullptr) {
error("Unable to allocate memory for game scan! Exiting...");
}