From b2d5b403053623517b857598ce8ba1d8bdccc047 Mon Sep 17 00:00:00 2001
From: Strangerke
Date: Sun, 21 Apr 2013 08:24:52 +0200
Subject: HOPKINS: Enlarge _lockedAnims array to avoid potential out of bound access. CID 1004012
---
 engines/hopkins/graphics.cpp | 2 +-
 engines/hopkins/objects.cpp | 5 +++--
 engines/hopkins/objects.h | 2 +-
 3 files changed, 5 insertions(+), 4 deletions(-)
(limited to 'engines/hopkins')
diff --git a/engines/hopkins/graphics.cpp b/engines/hopkins/graphics.cpp
index f978a5803f..c2c8b426e6 100644
--- a/engines/hopkins/graphics.cpp
+++ b/engines/hopkins/graphics.cpp
@@ -1012,7 +1012,7 @@ void GraphicsManager::endDisplayBob() {
 _vm->_objectsMan->resetBob(idx);
 }
- for (int idx = 1; idx <= 29; ++idx) {
+ for (int idx = 1; idx < 36; ++idx) {
 _vm->_objectsMan->_lockedAnims[idx]._enableFl = false;
 }
diff --git a/engines/hopkins/objects.cpp b/engines/hopkins/objects.cpp
index 320a95ed33..b6b36c72f6 100644
--- a/engines/hopkins/objects.cpp
+++ b/engines/hopkins/objects.cpp
@@ -41,12 +41,13 @@ ObjectsManager::ObjectsManager(HopkinsEngine *vm) {
 for (int i = 0; i < 6; ++i)
 Common::fill((byte *)&_sprite[i], (byte *)&_sprite[i] + sizeof(SpriteItem), 0);
- for (int i = 0; i < 36; ++i)
+ for (int i = 0; i < 36; ++i) {
 Common::fill((byte *)&_bob[i], (byte *)&_bob[i] + sizeof(BobItem), 0);
+ Common::fill((byte *)&_lockedAnims[i], (byte *)&_lockedAnims[i] + sizeof(LockAnimItem), 0);
+ }
 for (int i = 0; i < 30; ++i) {
 Common::fill((byte *)&_vBob[i], (byte *)&_vBob[i] + sizeof(VBobItem), 0);
- Common::fill((byte *)&_lockedAnims[i], (byte *)&_lockedAnims[i] + sizeof(LockAnimItem), 0);
 }
 for (int i = 0; i < 300; ++i)
diff --git a/engines/hopkins/objects.h b/engines/hopkins/objects.h
index a5e309344b..5f1f5b1f59 100644
--- a/engines/hopkins/objects.h
+++ b/engines/hopkins/objects.h
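Review bot: The new bound `idx < 36` in `endDisplayBob()` repeats the array length as a literal, so this loop and the declaration in objects.h have to be kept in step by hand; the same literal also bounds the constructor loop in objects.cpp. Deriving the bound from the array removes that dependency: `for (int idx = 1; idx < ARRAYSIZE(_vm->_objectsMan->_lockedAnims); ++idx) {`. The loop still starts at 1, so element 0 is never disabled here; if slot 0 is deliberately unused, a one-line comment saying so would help. The function body starts and ends outside the hunk.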
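Review bot: `_lockedAnims[i]` is now cleared inside the loop that is bounded for `_bob`, which stays in bounds only while both arrays have the same length, and nothing in the constructor states or enforces that. If either array is resized later, this fill either writes past the end of the shorter array or leaves the tail of the longer one uninitialised. Giving the array its own loop ties the bound to the object being written: `for (int i = 0; i < ARRAYSIZE(_lockedAnims); ++i)` followed by the existing `Common::fill` line for `_lockedAnims`. The constructor continues outside the hunk.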
@@ -239,7 +239,7 @@ public:
 byte *_headSprites;
 SpriteItem _sprite[6];
 BobItem _bob[36];
- LockAnimItem _lockedAnims[30];
+ LockAnimItem _lockedAnims[36];
 bool _charactersEnabledFl;
 bool _refreshBobMode10Fl;
-- cgit v1.2.3
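Review bot: The declaration `LockAnimItem _lockedAnims[36];` gives no reason for the new length, and the access reported as CID 1004012 is not part of this patch, so a reader cannot tell which index range the array has to cover. It presumably needs to match `_bob[36]` because both are indexed by the same bob number; if that is right, record it at the declaration, e.g. `// indexed by bob number; must have as many entries as _bob`. The class definition starts and ends outside the hunk.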