From 8e235f07a762ea281d0ce366242522b84c518e3b Mon Sep 17 00:00:00 2001
From: Bastien Bouclet
Date: Tue, 29 Aug 2017 21:34:51 +0200
Subject: PEGASUS: Disallow loading / saving from the GMM from inner loops

InputDeviceManager::pumpEvents is called from neighborhood classes that are destroyed when loading. Don't allow loading from that method to prevent use after free bugs.
---
 engines/pegasus/input.cpp | 8 ++++++++
 engines/pegasus/neighborhood/mars/mars.cpp | 8 ++------
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/engines/pegasus/input.cpp b/engines/pegasus/input.cpp
index 47ec44a736..36a84dbd3c 100644
--- a/engines/pegasus/input.cpp
+++ b/engines/pegasus/input.cpp
@@ -223,10 +223,18 @@ bool InputDeviceManager::notifyEvent(const Common::Event &event) {
 }
 void InputDeviceManager::pumpEvents() {
+ PegasusEngine *vm = ((PegasusEngine *)g_engine);
+
+ bool saveAllowed = vm->swapSaveAllowed(false);
+ bool openAllowed = vm->swapLoadAllowed(false);
+
 // Just poll for events. notifyEvent() will pick up on them.
 Common::Event event;
 while (g_system->getEventManager()->pollEvent(event))
 ;
+
+ vm->swapSaveAllowed(saveAllowed);
+ vm->swapLoadAllowed(openAllowed);
 }
 int operator==(const Input &arg1, const Input &arg2) {
diff --git a/engines/pegasus/neighborhood/mars/mars.cpp b/engines/pegasus/neighborhood/mars/mars.cpp
index 432909596e..6e3795d250 100644
--- a/engines/pegasus/neighborhood/mars/mars.cpp
+++ b/engines/pegasus/neighborhood/mars/mars.cpp
@@ -2422,9 +2422,7 @@ void Mars::doCanyonChase() {
 _vm->drawScaledFrame(frame, 0, 0);
 }
- Common::Event event;
- while (g_system->getEventManager()->pollEvent(event))
- ;
+ InputDevice.pumpEvents();
 g_system->delayMillis(10);
 }
@@ -3055,9 +3053,7 @@ void Mars::transportToRobotShip() {
 _vm->drawScaledFrame(frame, 0, 0);
 }
- Common::Event event;
- while (g_system->getEventManager()->pollEvent(event))
- ;
+ InputDevice.pumpEvents();
 g_system->delayMillis(10);
 }
-- cgit v1.2.3
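Review bot: The save/load lockout in InputDeviceManager::pumpEvents() is undone by two hand-written calls after the poll loop, so an early return added later between the swaps and the restores would leave saving and loading disabled; a small scope guard whose destructor restores both flags would rule that out. The reason for the lockout (the callers are neighborhood objects that a load destroys, which gives a use after free) is stated only in the commit message, so the guard should carry a comment saying so, otherwise the swaps look like removable noise. The local `openAllowed` holds the value returned by `swapLoadAllowed` and would read more consistently as `loadAllowed`.

```cpp
// Blocks GMM save/load for the lifetime of the object. Callers of pumpEvents()
// are neighborhood objects that a load would destroy while they are still running.
class SaveLoadLockout {
public:
    explicit SaveLoadLockout(PegasusEngine *vm)
        : _vm(vm),
          _saveAllowed(vm->swapSaveAllowed(false)),
          _loadAllowed(vm->swapLoadAllowed(false)) {}

    ~SaveLoadLockout() {
        _vm->swapSaveAllowed(_saveAllowed);
        _vm->swapLoadAllowed(_loadAllowed);
    }

private:
    PegasusEngine *_vm;
    bool _saveAllowed;
    bool _loadAllowed;
};

void InputDeviceManager::pumpEvents() {
    SaveLoadLockout lockout((PegasusEngine *)g_engine);

    // … unchanged: poll loop over g_system->getEventManager()->pollEvent(event) …
}
```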
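Review bot: The call `InputDevice.pumpEvents();` in Mars::doCanyonChase() is now what keeps save/load blocked while this loop runs, but nothing at the call site says so; the same applies to the identical replacement in Mars::transportToRobotShip() in the next hunk. A one-line comment such as `// pumpEvents() blocks GMM save/load while polling; do not poll the event manager directly here.` would keep a later edit from reintroducing the raw poll loop. Any other inner loop in the engine that still calls `pollEvent` directly would presumably bypass the lockout, so a search for remaining direct callers is worth doing. Both functions start and end outside their hunks.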