From f0145e6dcd3f96225be7fc6c5b8aebce9ee545d8 Mon Sep 17 00:00:00 2001
From: Martin Kiewitz
Date: Wed, 23 Jun 2010 11:47:14 +0000
Subject: SCI: implementing boundary checking for GfxPalette::createFromData(),
 sq5 has a broken picture 0 resource, which would result in either crash or at
 least bad read from memory depending on whats read there

svn-id: r50178
---
 engines/sci/graphics/view.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'engines/sci/graphics/view.cpp')

diff --git a/engines/sci/graphics/view.cpp b/engines/sci/graphics/view.cpp
index 40e2a4fb30..f00d6a652d 100644
--- a/engines/sci/graphics/view.cpp
+++ b/engines/sci/graphics/view.cpp
@@ -62,6 +62,7 @@ void GfxView::initData(GuiResourceId resourceId) {
 		error("view resource %d not found", resourceId);
 	}
 	_resourceData = _resource->data;
+	_resourceSize = _resource->size;
 
 	byte *celData, *loopData;
 	uint16 celOffset;
@@ -114,7 +115,7 @@ void GfxView::initData(GuiResourceId resourceId) {
 			// On the other side: vga sci1 games have this pointing to a VGA palette
 			//  and ega sci1 games have this pointing to a 8x16 byte mapping table that needs to get applied then
 			if (!isEGA) {
-				_palette->createFromData(&_resourceData[palOffset], &_viewPalette);
+				_palette->createFromData(&_resourceData[palOffset], _resourceSize - palOffset, &_viewPalette);
 				_embeddedPal = true;
 			} else {
 				// Only use the EGA-mapping, when being SCI1
@@ -197,7 +198,7 @@ void GfxView::initData(GuiResourceId resourceId) {
 		assert(celSize >= 32);
 
 		if (palOffset) {
-			_palette->createFromData(&_resourceData[palOffset], &_viewPalette);
+			_palette->createFromData(&_resourceData[palOffset], _resourceSize - palOffset, &_viewPalette);
 			_embeddedPal = true;
 		}
 
-- 
cgit v1.2.3