authorSven Hesse2009-06-22 20:51:34 +0000
committerSven Hesse2009-06-22 20:51:34 +0000
commitc31b79b7c99b56d1891de716038608f2a6b919dd (patch)
tree8d487c4e5c044d4865fa77f39af3fa6d524c9160 /engines
parent4ab45170163f70a85c400bc50d0e20501e0cd24c (diff)
Properly guarding Script::getOffset() and adding a reverse operation
svn-id: r41782
Diffstat (limited to 'engines')
-rw-r--r--engines/gob/expression.cpp3
-rw-r--r--engines/gob/script.cpp12
-rw-r--r--engines/gob/script.h3
3 files changed, 16 insertions, 2 deletions
diff --git a/engines/gob/expression.cpp b/engines/gob/expression.cpp
index 61833a8ed6..61376b2212 100644
--- a/engines/gob/expression.cpp
+++ b/engines/gob/expression.cpp
@@ -94,8 +94,7 @@ byte *Expression::decodePtr(int32 n) {
switch (n >> 28) {
case kExecPtr:
- ptr = _vm->_game->_script->getData();
- break;
+ return _vm->_game->_script->getData((n & 0x0FFFFFFF));
case kInterVar:
ptr = (byte *) _vm->_inter->_variables->getAddressOff8(0);
break;
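Review bot: The `kExecPtr` case now returns whatever `Script::getData(offset)` yields, which is 0 when no script is loaded or the masked offset is out of range, so `decodePtr()` gains a null return it did not have before. Its callers are not visible in this hunk; any that dereference the result directly would still crash on a bad offset taken from script data, so they should test for 0 and abort the script cleanly. The `kInterVar` branch still leaves the switch with only a base pointer, and the code after the switch (outside the hunk) presumably adds the 28-bit offset without a bound, so the same guard is worth applying there. A comment on the new return, such as `// May be 0 if the offset lies outside the script data`, would make the changed contract visible.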
diff --git a/engines/gob/script.cpp b/engines/gob/script.cpp
index 50a21014de..abcc4511b3 100644
--- a/engines/gob/script.cpp
+++ b/engines/gob/script.cpp
@@ -123,9 +123,21 @@ int32 Script::getOffset(byte *ptr) {
if (!_totData)
return -1;
+ if ((ptr < _totData) || (ptr >= (_totData + _totSize)))
+ return -1;
+
return ptr - _totData;
}
+byte *Script::getData(int32 offset) {
+ if (!_totData)
+ return 0;
+ if ((offset < 0) || (((uint32) offset) >= _totSize))
+ return 0;
+
+ return _totData + offset;
+}
+
byte *Script::getData() {
return _totData;
}
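Review bot: `Script::getData(int32 offset)` only establishes that the single byte at `offset` lies inside the script data, so a caller that reads a 16- or 32-bit value or a string through the returned pointer can still run past `_totSize`. Consider a length-aware overload, `byte *getData(int32 offset, uint32 size)`, that additionally rejects `size > _totSize - (uint32) offset`, or at least state the one-byte guarantee in a comment. In `getOffset()`, the new test `(ptr < _totData) || (ptr >= (_totData + _totSize))` relationally compares pointers that may belong to different objects, which C++ leaves unspecified; comparing the addresses as integers would avoid relying on that. Note also that -1 now stands for both "no script loaded" and "pointer outside the script", which callers cannot tell apart.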
diff --git a/engines/gob/script.h b/engines/gob/script.h
index 4e1457552e..697bad344d 100644
--- a/engines/gob/script.h
+++ b/engines/gob/script.h
@@ -90,6 +90,9 @@ public:
/** Returns the offset the specified pointer is within the script data. */
int32 getOffset(byte *ptr);
+ /** Returns the data pointer to the offset. */
+ byte *getData(int32 offset);
+
/** Returns the raw data pointer. */
byte *getData();
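Review bot: The doc comment added for `getData(int32 offset)` omits the failure value, which is what a caller most needs in order to use the guarded accessor safely. Suggest `/** Returns a pointer to the given offset within the script data, or 0 if no script is loaded or the offset is out of range. */`. The existing `getOffset()` comment could likewise gain `Returns -1 if no script is loaded or the pointer lies outside the script data.`, matching the check this commit adds in script.cpp. The class declaration continues outside the hunk.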