From 0fbf90d14c531a9c0ff5490f6e81eeb3008e7cb6 Mon Sep 17 00:00:00 2001
From: Willem Jan Palenstijn
Date: Sun, 19 Jul 2015 20:25:29 +0200
Subject: MADE: Fix overflow in audio interpolation

The interpolation code for deltaType > 0 read past the end of the
workChunkSize-sized filled area of the buffer (which matches what MADE
did, as far as I can tell). Avoid this by repeating the last value.
---
 engines/made/sound.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/engines/made/sound.cpp b/engines/made/sound.cpp
index cf602a92bf..ad49031e7b 100644
--- a/engines/made/sound.cpp
+++ b/engines/made/sound.cpp
@@ -242,6 +242,11 @@ void decompressSound(byte *source, byte *dest, uint16 chunkSize, uint16 chunkCou
 		}
 
 		if (deltaType > 0) {
+			// NB: The original did not add this extra value at the end (as far
+			// as I can tell), and so technically read past the filled part of
+			// soundBuffer.
+			soundBuffer[workChunkSize] = soundBuffer[workChunkSize - 1];
+
 			if (deltaType == 1) {
 				for (i = 0; i < chunkSize - 1; i += 2) {
 					l = i / 2;
-- 
cgit v1.2.3