diff options
| author | Colin Snover | 2016-12-02 15:48:21 -0600 |
|---|---|---|
| committer | Colin Snover | 2016-12-03 12:21:55 -0600 |
| commit | d03508e8ce7eebc2b122e62f35acd4d6033c4b36 (patch) | |
| tree | d3f180a6889acedc2dcabfea7f4c20395cb9a7da /engines | |
| parent | bf293fface3d2eaf62466dca675c65118f347248 (diff) | |
| download | scummvm-rg350-d03508e8ce7eebc2b122e62f35acd4d6033c4b36.tar.gz scummvm-rg350-d03508e8ce7eebc2b122e62f35acd4d6033c4b36.tar.bz2 scummvm-rg350-d03508e8ce7eebc2b122e62f35acd4d6033c4b36.zip | |
SCI: Fix buffer overflow in AmigaMac sound driver
Diffstat (limited to 'engines')
| -rw-r--r-- | engines/sci/sound/drivers/amigamac.cpp | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/engines/sci/sound/drivers/amigamac.cpp b/engines/sci/sound/drivers/amigamac.cpp index 031fd32164..f5daab726e 100644 --- a/engines/sci/sound/drivers/amigamac.cpp +++ b/engines/sci/sound/drivers/amigamac.cpp @@ -144,7 +144,7 @@ private: void setEnvelope(Voice *channel, Envelope *envelope, int phase); void setOutputFrac(int voice); - int interpolate(int8 *samples, frac_t offset, bool isUnsigned); + int interpolate(int8 *samples, frac_t offset, uint32 maxOffset, bool isUnsigned); void playInstrument(int16 *dest, Voice *channel, int count); void changeInstrument(int channel, int instrument); void stopChannel(int ch); @@ -169,17 +169,18 @@ void MidiDriver_AmigaMac::setEnvelope(Voice *channel, Envelope *envelope, int ph channel->velocity = envelope[phase - 1].target; } -int MidiDriver_AmigaMac::interpolate(int8 *samples, frac_t offset, bool isUnsigned) { - int x = fracToInt(offset); +int MidiDriver_AmigaMac::interpolate(int8 *samples, frac_t offset, uint32 maxOffset, bool isUnsigned) { + uint x = fracToInt(offset); + uint x2 = x == maxOffset ? 0 : x + 1; if (isUnsigned) { int s1 = (byte)samples[x] - 0x80; - int s2 = (byte)samples[x + 1] - 0x80; + int s2 = (byte)samples[x2] - 0x80; int diff = (s2 - s1) << 8; return (s1 << 8) + fracToInt(diff * (offset & FRAC_LO_MASK)); } - int diff = (samples[x + 1] - samples[x]) << 8; + int diff = (samples[x2] - samples[x]) << 8; return (samples[x] << 8) + fracToInt(diff * (offset & FRAC_LO_MASK)); } @@ -220,7 +221,7 @@ void MidiDriver_AmigaMac::playInstrument(int16 *dest, Voice *channel, int count) amount = channel->envelope_samples; for (i = 0; i < amount; i++) { - dest[index++] = interpolate(samples, channel->offset, instrument->isUnsigned) * channel->velocity / 64 * channel->note_velocity * vol / (127 * 127); + dest[index++] = interpolate(samples, channel->offset, seg_end, instrument->isUnsigned) * channel->velocity / 64 * channel->note_velocity * vol / (127 * 127); channel->offset += channel->rate; } |