From 02fe2ded354ecbfd87acdc4493be4b41a759d1d9 Mon Sep 17 00:00:00 2001 From: Willem Jan Palenstijn Date: Sat, 1 Dec 2012 12:29:17 +0100 Subject: DREAMWEB: Check for exFrame data corruption on load This provides earlier detection for corrupted savegames caused by bug #3591088 --- engines/dreamweb/saveload.cpp | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/engines/dreamweb/saveload.cpp b/engines/dreamweb/saveload.cpp index 162ad53cde..8a0791d19b 100644 --- a/engines/dreamweb/saveload.cpp +++ b/engines/dreamweb/saveload.cpp @@ -574,6 +574,14 @@ void DreamWebEngine::savePosition(unsigned int slot, const char *descbuf) { delete outSaveFile; } + +// Utility struct for a savegame sanity check in loadPosition +struct FrameExtent { + uint16 start; + uint16 length; + bool operator<(const struct FrameExtent& other) const { return start flist; + for (unsigned int i = 0; i < kNumexobjects; ++i) { + if (_exData[i].mapad[0] != 0xff) { + FrameExtent fe; + Frame *frame = &_exFrames._frames[3*i+0]; + fe.start = frame->ptr(); + fe.length = frame->width * frame->height; + flist.push_back(fe); + + frame = &_exFrames._frames[3*i+1]; + fe.start = frame->ptr(); + fe.length = frame->width * frame->height; + flist.push_back(fe); + } + } + // ...and check if the frames overlap. + Common::sort(flist.begin(), flist.end(), Common::Less()); + Common::List::const_iterator iter; + uint16 curEnd = 0; + for (iter = flist.begin(); iter != flist.end(); ++iter) { + if (iter->start < curEnd) + error("exFrames data corruption in savegame"); + curEnd = iter->start + iter->length; + } + if (curEnd > _vars._exFramePos) { + if (curEnd > kExframeslen) + error("exFrames data corruption in savegame"); + warning("Fixing up exFramePos"); + _vars._exFramePos = curEnd; + } + // (end of sanity check) } // Count number of save files, and load their descriptions into _saveNames -- cgit v1.2.3