From 6accd633b8f98f419ec02233d3dce5acc080a014 Mon Sep 17 00:00:00 2001
From: Filippos Karapetis
Date: Sat, 14 Sep 2019 20:52:06 +0300
Subject: SCI: Add a sanity check when loading vocab 901 (suffixes)

An invalid access error, uncovered by the Span mechanism. Fixes the QFG2 demo (bug #11147)
---
 engines/sci/parser/vocabulary.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'engines/sci')
diff --git a/engines/sci/parser/vocabulary.cpp b/engines/sci/parser/vocabulary.cpp
index 483fae277c..387ddef8bf 100644
--- a/engines/sci/parser/vocabulary.cpp
+++ b/engines/sci/parser/vocabulary.cpp
@@ -231,6 +231,12 @@ bool Vocabulary::loadSuffixes() {
 // Beginning of next string - skip leading '*'
 seeker++;
+ // The QFG2 demo vocab is truncated at the end. Check for such cases here
+ if (seeker >= resource->size()) {
+ warning("Vocabulary word from %s is truncated for suffix %d at %u", resource->name().c_str(), _parserSuffixes.size(), seeker);
+ break;
+ }
+
 maxSize = resource->size() - seeker;
 suffix.word_suffix = (const char *)resource->getUnsafeDataAt(seeker, maxSize);
 suffix.word_suffix_length = Common::strnlen(suffix.word_suffix, maxSize);
--
cgit v1.2.3
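Review bot: The comment on the new guard presents it as a QFG2-demo workaround, but in the lines that follow it is the only thing keeping `maxSize = resource->size() - seeker` at one or more before the pointer from `getUnsafeDataAt(seeker, maxSize)` is handed to `Common::strnlen`, so it matters for any truncated or malformed vocab 901 resource. I would word it as `// seeker can reach the end of a truncated resource (seen in the QFG2 demo); stop before maxSize becomes zero or wraps and the unsafe accessor is used`. The warning formats `_parserSuffixes.size()` with `%d` while `seeker` uses `%u`; if `size()` returns an unsigned type, `%u` would be the matching specifier. The loop and the rest of `loadSuffixes()` lie outside the hunk, so whether the reads that advance `seeker` before this point are themselves bounded cannot be judged from here.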