From f5a83adc01719b8409af12bd864e852bbb1de765 Mon Sep 17 00:00:00 2001
From: Martin Kiewitz
Date: Tue, 9 Feb 2016 12:47:45 +0100
Subject: AGI: Fix various CIDs

CID 1350104: regression from graphics rewrite in C64 picture drawing
CID 1350101: potential buffer overflow in set.simple command
CID 1350112: uninitialized variable in TextMgr
CID 1350113: false positive uninitialized variable in SystemUI
CID 1350114: potentially uninitialized variable in IIgsSample
CID 1350117: false positive uninitialized variable in InventoryMgr
CID 1350103: code bug in CGA rendering TextMgr::charAttrib_Set()
CID 1350109: false positive in GfxFont::loadFontAmigaPseudoTopaz()
CID 1350111: original AGI uninitialized memory issue in SpritesMgr::showObject
---
 engines/agi/font.cpp | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'engines/agi/font.cpp')

diff --git a/engines/agi/font.cpp b/engines/agi/font.cpp
index 670c1bf575..5c5ea51be8 100644
--- a/engines/agi/font.cpp
+++ b/engines/agi/font.cpp
@@ -829,6 +829,10 @@ void GfxFont::loadFontAmigaPseudoTopaz() {
 assert((topazBitOffset & 7) == 0);
 topazByteOffset = topazBitOffset >> 3;
+
+// Security check, although we are working on static const data from within ScummVM
+assert((topazByteOffset + ((topazHeight - 1) * topazModulo)) < sizeof(fontData_AmigaPseudoTopaz));
+
 for (uint16 curHeight = 0; curHeight < topazHeight; curHeight++) {
 *fontData = topazData[topazByteOffset];
 fontData++;
--
cgit v1.2.3
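Review bot: The new bounds check is an `assert`, which is compiled out in NDEBUG builds, so the comment calling it a "security check" overstates what it guarantees in a release binary. Since the comment itself states the table is static const data shipped with ScummVM, a debug-only consistency check is reasonable here, but the comment should say that rather than imply a runtime guard, e.g. `// Consistency check (debug builds only): the table is static const data shipped with ScummVM, so this can only fail if the font table and its layout constants get out of sync`. The check also covers only the first byte of the last row and relies on `topazData` pointing at the start of `fontData_AmigaPseudoTopaz`; if `topazData` can be offset into the table, the `sizeof` bound is too generous, and neither the per-row advance nor the pointer setup is visible in this hunk, so this is worth confirming. The hunk header advertises 6 old / 10 new lines but fewer are shown, so the loop body of loadFontAmigaPseudoTopaz continues outside what is visible here.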