From 0e48803b42ec570a4a7aa01222c44333543c990b Mon Sep 17 00:00:00 2001
From: Strangerke
Date: Sat, 15 Mar 2014 11:42:57 +0100
Subject: TUCKER: Add a safeguard in updateCharPosition() to avoid a potential out-of-bounds read, change the type of a variable to boolean
---
 engines/tucker/tucker.cpp | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
diff --git a/engines/tucker/tucker.cpp b/engines/tucker/tucker.cpp
index 1d38d0f806..68ffe5e5e5 100644
--- a/engines/tucker/tucker.cpp
+++ b/engines/tucker/tucker.cpp
@@ -855,35 +855,37 @@ void TuckerEngine::updateCharPosition() {
 }
 int actionKey = _currentActionObj2Num * 1000000 + _currentInfoString2SourceType * 100000 + _currentActionVerb * 10000 + _currentInfoString1SourceType * 1000 + _currentActionObj1Num;
 debug(3, "updateCharPosition() actionKey %d", actionKey);
- int skip = 0;
- Action *action = 0;
- for (int i = 0; i < _actionsCount && skip == 0; ++i) {
+ bool skip = false;
+ Action *action = nullptr;
+ for (int i = 0; i < _actionsCount && !skip; ++i) {
 action = &_actionsTable[i];
 if (action->_key == actionKey) {
- skip = 1;
+ skip = true;
 if (action->_testFlag1Num != 0) {
 if (action->_testFlag1Num < 500) {
+ if (action->_testFlag1Num >= 300)
+ error("updateCharPosition() - Unexpected value for _testFlag1Num : %d", action->_testFlag1Num);
 if (_flagsTable[action->_testFlag1Num] != action->_testFlag1Value) {
- skip = 0;
+ skip = false;
 }
 } else if (_inventoryItemsState[action->_testFlag1Num - 500] != action->_testFlag1Value) {
- skip = 0;
+ skip = false;
 }
 debug(3, "updateCharPosition() flag1 %d value %d", action->_testFlag1Num, action->_testFlag1Value);
 }
 if (action->_testFlag2Num != 0) {
 if (action->_testFlag2Num < 500) {
 if (_flagsTable[action->_testFlag2Num] != action->_testFlag2Value) {
- skip = 0;
+ skip = false;
 }
 } else if (_inventoryItemsState[action->_testFlag2Num - 500] != action->_testFlag2Value) {
- skip = 0;
+ skip = false;
 }
 debug(3, "updateCharPosition() flag2 %d value %d", action->_testFlag2Num, action->_testFlag2Value);
 }
 }
 }
- if (skip == 0) {
+ if (!skip) {
 playSpeechForAction(_currentActionVerb);
 _currentActionVerb = 0;
 return;
-- cgit v1.2.3
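Review bot: The `_testFlag2Num` branch still indexes `_flagsTable[action->_testFlag2Num]` without the range check this commit adds for `_testFlag1Num`, so the same out-of-bounds read remains reachable through the second flag test. Mirror the guard there: `if (action->_testFlag2Num >= 300) error("updateCharPosition() - Unexpected value for _testFlag2Num : %d", action->_testFlag2Num);`. The literal 300 is presumably the size of `_flagsTable` (its declaration is not in the hunk); `ARRAYSIZE(_flagsTable)` would keep the check tied to the array, and if the flag numbers are signed a negative value also passes both `< 500` and `>= 300` unchecked. Both `_inventoryItemsState[... - 500]` reads likewise have no upper bound. updateCharPosition() begins and ends outside the hunk.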