diff options
| author | Gregory Montoir | 2004-12-20 12:39:54 +0000 |
|---|---|---|
| committer | Gregory Montoir | 2004-12-20 12:39:54 +0000 |
| commit | 2919f4e11ed01cb8cb003aebbc47fc46ddd60c9b (patch) | |
| tree | 16b93e18e41b1b2909432b39b4cb2f56a0ac1dae /queen | |
| parent | a159f2cb76ce9d2c2050ec9291fbf4250c2dbf75 (diff) | |
| download | scummvm-rg350-2919f4e11ed01cb8cb003aebbc47fc46ddd60c9b.tar.gz scummvm-rg350-2919f4e11ed01cb8cb003aebbc47fc46ddd60c9b.tar.bz2 scummvm-rg350-2919f4e11ed01cb8cb003aebbc47fc46ddd60c9b.zip | |
Added check to prevent queueing invalid songs, and thus reading OOB...
svn-id: r16160
Diffstat (limited to 'queen')
| -rw-r--r-- | queen/music.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/queen/music.cpp b/queen/music.cpp index 9988026ebf..3a2cd770eb 100644 --- a/queen/music.cpp +++ b/queen/music.cpp @@ -80,6 +80,13 @@ static const byte mt32_to_gm[128] = { } bool MusicPlayer::queueSong(uint16 songNum) { + if (songNum >= _numSongs) { + // this happens at the end of the car chase, where we try to play song 176, + // see Sound::_tune[], entry 39 + warning("Trying to queue an invalid song number %d, max %d", songNum, _numSongs); + return false; + } + uint8 emptySlots = 0; for (int i = 0; i < MUSIC_QUEUE_SIZE; i++) if (!_songQueue[i]) @@ -257,7 +264,7 @@ static const byte mt32_to_gm[128] = { if (!songNum) { stopMusic(); return; - } + } byte *musicPtr = _musicData + songOffset(songNum); uint32 size = songLength(songNum); |