author | Alyssa Milburn | 2011-06-28 15:34:09 +0200 |
---|---|---|
committer | Alyssa Milburn | 2011-06-28 15:34:09 +0200 |
commit | ede71596ba43c777d13201757c974aa22fd0e8ec (patch) | |
tree | 21c30a85c218558680bc05857eecfef2990095a6 /engines | |
parent | c2e9319fa8101051a7f2dc9fda747c76164cb6d9 (diff) | |
MOHAWK: Better sanity checks in LB scripting.
Diffstat (limited to 'engines')
-rw-r--r-- | engines/mohawk/livingbooks.cpp | 8 | ||||
-rw-r--r-- | engines/mohawk/livingbooks_code.cpp | 4 |
2 files changed, 11 insertions, 1 deletions
diff --git a/engines/mohawk/livingbooks.cpp b/engines/mohawk/livingbooks.cpp
index 2e7f5e6d9d..248a9e607a 100644
--- a/engines/mohawk/livingbooks.cpp
+++ b/engines/mohawk/livingbooks.cpp
@@ -2016,6 +2016,8 @@ LBScriptEntry *LBItem::parseScriptEntry(uint16 type, uint16 &size, Common::Memor
 if (targetingType == kTargetTypeCode)
 error("encountered kTargetTypeCode");
+ if (size < 2)
+ error("not enough bytes (%d) reading special targeting", size);
 uint16 count = stream->readUint16();
 size -= 2;
@@ -2026,6 +2028,8 @@ LBScriptEntry *LBItem::parseScriptEntry(uint16 type, uint16 &size, Common::Memor
 Common::String target = _vm->readString(stream);
 debug(4, "target '%s'", target.c_str());
 entry->targets.push_back(target);
+ if (target.size() + 1 > size)
+ error("failed to read target (ran out of stream)");
 size -= target.size() + 1;
 }
 entry->argc = entry->targets.size();
@@ -2134,6 +2138,8 @@ LBScriptEntry *LBItem::parseScriptEntry(uint16 type, uint16 &size, Common::Memor
 }
 if (conditionTag == 1) {
+ if (!size)
+ error("failed to read condition (empty stream)");
 Common::String condition = _vm->readString(stream);
 if (condition.size() == 0) {
 size--;
@@ -2148,6 +2154,8 @@ LBScriptEntry *LBItem::parseScriptEntry(uint16 type, uint16 &size, Common::Memor
 entry->conditions.push_back(condition);
 debug(4, "script entry condition '%s'", condition.c_str());
 } else if (conditionTag == 2) {
+ if (size < 4)
+ error("expected more than %d bytes for conditionTag 2", size);
 // FIXME
 stream->skip(4);
 size -= 4;
diff --git a/engines/mohawk/livingbooks_code.cpp b/engines/mohawk/livingbooks_code.cpp
index 8791fc4330..e72318d86a 100644
--- a/engines/mohawk/livingbooks_code.cpp
+++ b/engines/mohawk/livingbooks_code.cpp
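Review bot: In the target loop of `parseScriptEntry` (the hunk at -2026 in livingbooks.cpp), the new `target.size() + 1 > size` check runs only after `readString()` has consumed the bytes and the string has already been logged and pushed into `entry->targets`, so it detects an overrun of the entry's declared size after the fact rather than bounding the read. That ordering is safe only if `error()` never returns and the stream itself refuses reads past its own buffer, neither of which is visible in this hunk. I would move the two added lines directly after `Common::String target = _vm->readString(stream);` and report both lengths, e.g. `error("failed to read target (need %u bytes, %u left)", target.size() + 1, size);`. The loop and the function body start and end outside the hunk.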
@@ -250,8 +250,10 @@ LBValue LBCode::runCode(byte terminator) {
 parseStatement();
 if (_stack.size())
 result = _stack.pop();
- if (_currToken == terminator || _currToken == kTokenEndOfFile)
+ if (_currToken == terminator || _currToken == kTokenEndOfFile) {
+ debugN("\n");
 break;
+ }
 if (_currToken != kTokenEndOfStatement && _currToken != kTokenEndOfFile)
 error("missing EOS (got %02x)", _currToken);
 debugN("\n"); |