From 08be91604900f0d43380b3429a2aef87378c710f Mon Sep 17 00:00:00 2001
From: Torbjörn Andersson
Date: Tue, 4 Jun 2013 06:11:41 +0200
Subject: SCUMM: Verify sample width in Digital iMUSE callback. CID 1002112

Verify that 'bits' really is one of 8, 12 or 16 before decoding
the data. It's probably always the case (unless the data files are
damaged) but if it isn't we'll either try to queue NULL to the
audio stream, or queue the same buffer more than once, or free the
buffer more than once. All of which are bad, though Coverity only
noticed the last of these cases.
---
 engines/scumm/imuse_digi/dimuse.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'engines/scumm/imuse_digi/dimuse.cpp')

diff --git a/engines/scumm/imuse_digi/dimuse.cpp b/engines/scumm/imuse_digi/dimuse.cpp
index eb3717494f..a737539c44 100644
--- a/engines/scumm/imuse_digi/dimuse.cpp
+++ b/engines/scumm/imuse_digi/dimuse.cpp
@@ -275,9 +275,12 @@ void IMuseDigital::callback() {
 						feedSize &= ~1;
 					if (channels == 2)
 						feedSize &= ~3;
-				} else {
+				} else if (bits == 8) {
 					if (channels == 2)
 						feedSize &= ~1;
+				} else {
+					warning("IMuseDigita::callback: Unexpected sample width, %d bits", bits);
+					continue;
 				}
 
 				if (feedSize == 0)
-- 
cgit v1.2.3