From 99a707d89e62ef4a59a58e0e946ae3db9fe804fa Mon Sep 17 00:00:00 2001
From: Sven Hesse
Date: Wed, 25 Jul 2007 20:36:14 +0000
Subject: Added a few safety checks. Now Woodruff shows the loading image (closely followed by a crash).
svn-id: r28203
---
 engines/gob/dataio.h | 2 +-
 engines/gob/game.cpp | 6 +++++-
 engines/gob/game.h | 2 +-
 engines/gob/game_v2.cpp | 8 ++++++--
 engines/gob/inter_v1.cpp | 8 ++++++++
 5 files changed, 21 insertions(+), 5 deletions(-)
(limited to 'engines/gob')
diff --git a/engines/gob/dataio.h b/engines/gob/dataio.h
index 3ea29c0efe..08498a4f7e 100644
--- a/engines/gob/dataio.h
+++ b/engines/gob/dataio.h
@@ -35,7 +35,7 @@ namespace Gob {
 #define MAX_FILES 30
 #define MAX_DATA_FILES 8
-#define MAX_SLOT_COUNT 4
+#define MAX_SLOT_COUNT 8
 class DataIO {
 public:
diff --git a/engines/gob/game.cpp b/engines/gob/game.cpp
index 561330deac..a5993fd1de 100644
--- a/engines/gob/game.cpp
+++ b/engines/gob/game.cpp
@@ -663,7 +663,7 @@ int16 Game::openLocTextFile(char *locTextFile, int language) {
 return _vm->_dataIO->openData(locTextFile);
 }
-byte *Game::loadLocTexts(void) {
+byte *Game::loadLocTexts(int32 *dataSize) {
 char locTextFile[20];
 int16 handle;
 int i;
@@ -689,6 +689,10 @@ byte *Game::loadLocTexts(void) {
 if (handle >= 0) {
 _vm->_dataIO->closeData(handle);
+
+ if (dataSize)
+ *dataSize = _vm->_dataIO->getDataSize(locTextFile);
+
 return _vm->_dataIO->getData(locTextFile);
 }
 return 0;
diff --git a/engines/gob/game.h b/engines/gob/game.h
index 2181d219f2..0cef993b40 100644
--- a/engines/gob/game.h
+++ b/engines/gob/game.h
@@ -215,7 +215,7 @@ protected:
 int16 adjustKey(int16 key);
- byte *loadLocTexts(void);
+ byte *loadLocTexts(int32 *dataSize = 0);
 int32 loadTotFile(const char *path);
 void loadExtTable(void);
 void loadImFile(void);
diff --git a/engines/gob/game_v2.cpp b/engines/gob/game_v2.cpp
index 245c1f4544..d5c237c974 100644
--- a/engines/gob/game_v2.cpp
+++ b/engines/gob/game_v2.cpp
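Review bot: `*dataSize` is written only on the success path of `Game::loadLocTexts` (second game.cpp hunk); the `return 0;` at the end leaves the caller's variable untouched, and the new caller in game_v2.cpp passes an uninitialised `int32 size`. Writing it on failure as well, `if (dataSize) *dataSize = 0;` just before `return 0;`, keeps any later use of `size` from reading an indeterminate value. The result of `getDataSize()` is also stored unchecked; if it can report an error as a negative number (not visible here), the caller's `(size - 2) / 4` turns negative. The function body starts above this hunk.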
@@ -134,12 +134,16 @@ void Game_v2::playTot(int16 skipPlay) {
 totTextLoc = false;
 if (READ_LE_UINT32(filePtr) != (uint32) -1) {
 _totTextData = new TotTextTable;
+
+ int32 size;
+
 if (READ_LE_UINT32(filePtr) == 0) {
- _totTextData->dataPtr = loadLocTexts();
+ _totTextData->dataPtr = loadLocTexts(&size);
 totTextLoc = true;
 } else {
 _totTextData->dataPtr = (_totFileData + READ_LE_UINT32(_totFileData + 0x30));
+ size = totSize;
 _vm->_global->_language = _vm->_global->_languageWanted;
 }
@@ -147,7 +151,7 @@ void Game_v2::playTot(int16 skipPlay) {
 if (_totTextData->dataPtr != 0) {
 Common::MemoryReadStream totTextData(_totTextData->dataPtr, 4294967295U);
- _totTextData->itemsCount = totTextData.readSint16LE();
+ _totTextData->itemsCount = MIN(totTextData.readSint16LE(), (size - 2) / 4);
 _totTextData->items = new TotTextItem[_totTextData->itemsCount];
 for (int i = 0; i < _totTextData->itemsCount; ++i) {
diff --git a/engines/gob/inter_v1.cpp b/engines/gob/inter_v1.cpp
index 0339cb7f44..bc7eb2ea11 100644
--- a/engines/gob/inter_v1.cpp
+++ b/engines/gob/inter_v1.cpp
@@ -1174,6 +1174,10 @@ bool Inter_v1::o1_loadCursor(OpFuncParams ¶ms) {
 id = load16();
 index = (int8) *_vm->_global->_inter_execPtr++;
+
+ if ((index * _vm->_draw->_cursorWidth) >= _vm->_draw->_cursorSprites->getWidth())
+ return false;
+
 itemPtr = &_vm->_game->_totResourceTable->items[id];
 offset = itemPtr->offset;
@@ -1896,6 +1900,10 @@ bool Inter_v1::o1_fillRect(OpFuncParams ¶ms) {
 _vm->_draw->_spriteBottom = _vm->_parse->parseValExpr();
 _vm->_draw->_backColor = _vm->_parse->parseValExpr();
+
+ if (!_vm->_draw->_spritesArray[_vm->_draw->_destSurface])
+ return false;
+
 _vm->_draw->spriteOperation(DRAW_FILLRECT);
 return false;
 }
-- cgit v1.2.3
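Review bot: In the `else` branch of the first game_v2.cpp hunk, `size = totSize;` looks too generous as a bound: `dataPtr` points `READ_LE_UINT32(_totFileData + 0x30)` bytes into the TOT buffer, so fewer bytes than the whole file remain for the text table. Assuming `totSize` is the size of `_totFileData` (its definition is outside the hunk), `size = totSize - READ_LE_UINT32(_totFileData + 0x30);` would match what the pointer can actually address, and that offset should itself be compared with `totSize` before it is added to the base pointer. As written, the later `(size - 2) / 4` clamp can still admit item entries that lie past the end of the buffer.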
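Review bot: The clamp `MIN(totTextData.readSint16LE(), (size - 2) / 4)` in the second game_v2.cpp hunk bounds only the upper side: a negative count read from the file, or a `size` that came back negative, flows straight into `new TotTextItem[_totTextData->itemsCount]`. Adding `if (_totTextData->itemsCount < 0) _totTextData->itemsCount = 0;` right after the assignment closes that gap. The `MemoryReadStream` on the context line above is still constructed with length `4294967295U`, so the stream cannot stop an over-read on its own; passing `size` there would give a second line of defence. The loop that consumes the items continues outside the hunk.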
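Review bot: The guard added in `o1_loadCursor` rejects only an `index` that is too large; `index` is read through an `(int8)` cast, so a script byte of 0x80 or above gives a negative value that still passes (assuming `index` is declared signed, which is outside the hunk). `if ((index < 0) || ((index * _vm->_draw->_cursorWidth) >= _vm->_draw->_cursorSprites->getWidth()))` covers both sides. `id` is used on the following context line to index `_totResourceTable->items` with no comparable range check. This guard and the one added in `o1_fillRect` both return silently; a `warning()` naming the rejected value would make malformed game data much easier to diagnose.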
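Review bot: The null test added in `o1_fillRect` indexes `_spritesArray` with `_destSurface` before anything confirms that the index lies inside the array. If `_destSurface` is taken from script data earlier in the function (that part is outside this hunk), an out-of-range value makes the check itself read past the array. A range test on `_destSurface` against the array's element count should come first in the same condition, so the short-circuit protects the lookup.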