From e97b1e560d4f3a0eed758047e8c40ecc69c98231 Mon Sep 17 00:00:00 2001
From: lolbot-iichan
Date: Fri, 17 Aug 2018 00:19:20 +0300
Subject: WINTERMUTE: Check keyboard state array index

vKeyToKeyCode() method was unsafe if vkey >= KEYSTATES_ARRAY_SIZE was provided, fixed
---
 engines/wintermute/base/base_keyboard_state.cpp | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/engines/wintermute/base/base_keyboard_state.cpp b/engines/wintermute/base/base_keyboard_state.cpp
index 44da804b75..e35e544918 100644
--- a/engines/wintermute/base/base_keyboard_state.cpp
+++ b/engines/wintermute/base/base_keyboard_state.cpp
@@ -32,6 +32,8 @@
 #include "common/system.h"
 #include "common/keyboard.h"
+#define KEYSTATES_ARRAY_SIZE (Common::KEYCODE_UNDO + 1) // Hardcoded size for the common/keyboard.h enum
+
 namespace Wintermute {
 IMPLEMENT_PERSISTENT(BaseKeyboardState, false)
@@ -46,8 +48,8 @@ BaseKeyboardState::BaseKeyboardState(BaseGame *inGame) : BaseScriptable(inGame)
 _currentAlt = false;
 _currentControl = false;
- _keyStates = new uint8[323]; // Hardcoded size for the common/keyboard.h enum
- for (int i = 0; i < 323; i++) {
+ _keyStates = new uint8[KEYSTATES_ARRAY_SIZE];
+ for (int i = 0; i < KEYSTATES_ARRAY_SIZE; i++) {
 _keyStates[i] = false;
 }
 }
@@ -499,7 +501,7 @@ Common::KeyCode BaseKeyboardState::vKeyToKeyCode(uint32 vkey) {
 return Common::KEYCODE_SCROLLOCK;
 default:
 warning("Unknown VKEY: %d", vkey);
- return (Common::KeyCode)vkey;
+ return (Common::KeyCode)(vkey < KEYSTATES_ARRAY_SIZE ? vkey : 0);
 break;
 }
--
cgit v1.2.3
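Review bot: The comment on the new `#define KEYSTATES_ARRAY_SIZE` still says "Hardcoded size", although the value is now derived from `Common::KEYCODE_UNDO`, and it does not state the assumption the whole fix rests on: that KEYCODE_UNDO is the highest enumerator in common/keyboard.h. If that enum later gains a larger value, both the allocation and the bound check in vKeyToKeyCode() become too small without any compile-time signal. I would reword the comment to `// Must cover every Common::KeyCode; assumes KEYCODE_UNDO is the highest enumerator`. Any remaining literal `323` elsewhere in this file (outside the hunks shown, so not verifiable here) should be switched to the macro as well.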
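Review bot: The range check in the `default:` branch of vKeyToKeyCode() guards only values that pass through this one return, not the `_keyStates[...]` accesses themselves, which are outside the hunk; a key code reaching the array by another path would still be unchecked, so a bounds test at the indexing site is the more robust place. Out-of-range input is also folded to a bare `0`, which a caller cannot tell apart from a genuine lookup of slot 0; naming the sentinel makes the intent explicit: `return vkey < KEYSTATES_ARRAY_SIZE ? (Common::KeyCode)vkey : Common::KEYCODE_INVALID;`. The context line `warning("Unknown VKEY: %d", vkey);` prints a `uint32` with `%d`, where `%u` would match the type. The function body starts and ends outside the hunk.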