diff options
| author | Eugene Sandulenko | 2014-02-09 22:01:29 +0200 |
|---|---|---|
| committer | Eugene Sandulenko | 2014-02-09 22:02:06 +0200 |
| commit | a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7 (patch) | |
| tree | b87c53e4c7d5f74685dcab5965415992e3b0914d /engines | |
| parent | 2937727018eef69c30a758a31b6fe3a6158ee35e (diff) | |
| download | scummvm-rg350-a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7.tar.gz scummvm-rg350-a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7.tar.bz2 scummvm-rg350-a12e32983c9cc9ba4c6b2ae9d2c4b96545df8bd7.zip | |
FULLPIPE: Fix buffer overruns in scene27
Diffstat (limited to 'engines')
| -rw-r--r-- | engines/fullpipe/scenes.h | 2 | ||||
| -rw-r--r-- | engines/fullpipe/scenes/scene27.cpp | 18 |
2 files changed, 11 insertions, 9 deletions
diff --git a/engines/fullpipe/scenes.h b/engines/fullpipe/scenes.h index a83c288e82..0228d1feb0 100644 --- a/engines/fullpipe/scenes.h +++ b/engines/fullpipe/scenes.h @@ -201,7 +201,7 @@ struct BallChain { Ball *field_8; int numBalls; Ball *pTail; - Ball *cPlex; + byte *cPlex; int cPlexLen; BallChain() : pHead(0), field_8(0), pTail(0), numBalls(0), cPlex(0), cPlexLen(0) {} diff --git a/engines/fullpipe/scenes/scene27.cpp b/engines/fullpipe/scenes/scene27.cpp index 7564ea2d01..2024faf157 100644 --- a/engines/fullpipe/scenes/scene27.cpp +++ b/engines/fullpipe/scenes/scene27.cpp @@ -80,9 +80,9 @@ void scene27_initScene(Scene *sc) { Ball *lastP = g_vars->scene27_balls.field_8; if (!g_vars->scene27_balls.pTail) { - g_vars->scene27_balls.cPlex = (Ball *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball)); + g_vars->scene27_balls.cPlex = (byte *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball)); - Ball *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball); + byte *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball); if (g_vars->scene27_balls.cPlexLen - 1 < 0) { runPtr = g_vars->scene27_balls.pTail; @@ -90,8 +90,8 @@ void scene27_initScene(Scene *sc) { runPtr = g_vars->scene27_balls.pTail; for (int j = 0; j < g_vars->scene27_balls.cPlexLen; j++) { - p1->p1 = runPtr; - runPtr = p1; + ((Ball *)p1)->p1 = runPtr; + runPtr = (Ball *)p1; p1 -= sizeof(Ball); } @@ -458,10 +458,12 @@ void sceneHandler27_driverPushButton() { } void sceneHandler27_maidSwitchback() { +#ifndef DBG if (g_fp->getObjectState(sO_Maid) == g_fp->getObjectEnumState(sO_Maid, sO_WithSwab)) { g_vars->scene27_maid->changeStatics2(ST_MID_SWAB); g_vars->scene27_maid->startMQIfIdle(QU_MID_SWITCHBACK, 1); } +#endif } void sceneHandler27_batLogic() { @@ -570,9 +572,9 @@ void sceneHandler27_sub02() { StaticANIObject *newbat = g_vars->scene27_var07[i]->ani; if (!g_vars->scene27_balls.pTail) { - g_vars->scene27_balls.cPlex = (Ball *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball)); + g_vars->scene27_balls.cPlex = (byte *)calloc(g_vars->scene27_balls.cPlexLen, sizeof(Ball)); - Ball *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball); + byte *p1 = g_vars->scene27_balls.cPlex + (g_vars->scene27_balls.cPlexLen - 1) * sizeof(Ball); if (g_vars->scene27_balls.cPlexLen - 1 < 0) { runPtr = g_vars->scene27_balls.pTail; @@ -580,8 +582,8 @@ void sceneHandler27_sub02() { runPtr = g_vars->scene27_balls.pTail; for (int j = 0; j < g_vars->scene27_balls.cPlexLen; j++) { - p1->p1 = runPtr; - runPtr = p1; + ((Ball *)p1)->p1 = runPtr; + runPtr = (Ball *)p1; p1 -= sizeof(Ball); } |