From 8a5ceb976804f51e60b94fcef73bc21b779eaac6 Mon Sep 17 00:00:00 2001
From: Johannes Schickel
Date: Sun, 9 Mar 2014 18:22:09 +0100
Subject: AGOS: Fix sound offset table access for StS 2 Mac/Amiga.

This (hopefully) fixes bug #6549: "#6549 AGOS: Simon2 Amiga Datafiles crashes with assertion in Intro".
I don't have any copy of StS 2 Mac/Amiga thus I cannot test this.

This bug was caused by a regression in c82a75df69aa5d8f36eae52deee508ef9a61e49e.
---
 engines/agos/sound.cpp | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'engines/agos/sound.cpp')

diff --git a/engines/agos/sound.cpp b/engines/agos/sound.cpp
index 1e299a06ed..812f46504f 100644
--- a/engines/agos/sound.cpp
+++ b/engines/agos/sound.cpp
@@ -121,8 +121,14 @@ Common::SeekableReadStream *BaseSound::getSoundStream(uint sound) const {
 	int i = 1;
 	while (_offsets[sound + i] == _offsets[sound])
 		i++;
+	uint end;
+	if (_offsets[sound + i] > _offsets[sound]) {
+		end = _offsets[sound + i];
+	} else {
+		end = file->size();
+	}
 
-	return new Common::SeekableSubReadStream(file, _offsets[sound], _offsets[sound + i], DisposeAfterUse::YES);
+	return new Common::SeekableSubReadStream(file, _offsets[sound], end, DisposeAfterUse::YES);
 }
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -442,12 +448,16 @@ void Sound::loadVoiceFile(const GameSpecificSettings *gss) {
 		if (file.open("voices.idx")) {
 			int end = file.size();
 			_filenums = (uint16 *)malloc((end / 6 + 1) * 2);
-			_offsets = (uint32 *)malloc((end / 6 + 1) * 4);
+			_offsets = (uint32 *)malloc((end / 6 + 1 + 1) * 4);
 
 			for (int i = 1; i <= end / 6; i++) {
 				_filenums[i] = file.readUint16BE();
 				_offsets[i] = file.readUint32BE();
 			}
+			// We need to add a terminator entry otherwise we get an out of
+			// bounds read when the offset table is accessed in
+			// BaseSound::getSoundStream.
+			_offsets[end / 6 + 1] = 0;
 
 			_hasVoiceFile = true;
 			return;
-- 
cgit v1.2.3