Fixed a potential bug that could cause memory to be read out-of-bounds.

(Unfortunately, this does not fix the Kyra bug I'm looking for.)

In the most extreme case:

* DR and RR will point to &DR_TABLE[60], and AR will point to &AR_TABLE[60]
* SLOT->KSR will be 0
* CH->kcode will be 15

In that case, it will attempt to access AR[15], RR[15] and DR[15], i.e.
AR_TABLE[75] and DR_TABLE[75]. So these arrays need to be 76 elements, not 75.

We used to initialise element 75, but this was changed to 74 to match the size
of the arrays. Buf if my reasoning is correct, it was the arrays that were too
small.

svn-id: r21301

2 files changed, 3 insertions, 3 deletions

diff --git a/sound/fmopl.cpp b/sound/fmopl.cpp
index faea609d21..e8f65833c9 100644
--- a/sound/fmopl.cpp
+++ b/sound/fmopl.cpp
@@ -587,7 +587,7 @@ static void init_timetables(FM_OPL *OPL, int ARRATE, int DRRATE) {
 		OPL->AR_TABLE[i] = (int)(rate / ARRATE);
 		OPL->DR_TABLE[i] = (int)(rate / DRRATE);
 	}
-	for (i = 60; i < 75; i++) {
+	for (i = 60; i < 76; i++) {
 		OPL->AR_TABLE[i] = EG_AED-1;
 		OPL->DR_TABLE[i] = OPL->DR_TABLE[60];
 	}
diff --git a/sound/fmopl.h b/sound/fmopl.h
index 1f1412ad74..5ce447e2b2 100644
--- a/sound/fmopl.h
+++ b/sound/fmopl.h
@@ -119,8 +119,8 @@ typedef struct fm_opl_f {
 	uint8 rythm;		/* Rythm mode , key flag */
 
 	/* time tables */
-	int AR_TABLE[75];	/* atttack rate tables				*/
-	int DR_TABLE[75];	/* decay rate tables				*/
+	int AR_TABLE[76];	/* atttack rate tables				*/
+	int DR_TABLE[76];	/* decay rate tables				*/
 	uint FN_TABLE[1024];/* fnumber -> increment counter		*/
 
 	/* LFO */