From 6eeebfb19125b79e4a77e8c35a0d04cf1a5d97bd Mon Sep 17 00:00:00 2001
From: Max Horn
Date: Mon, 4 Apr 2011 09:56:50 +0200
Subject: SCUMM: Check for cutSceneStackPointer underflows
---
 engines/scumm/script.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'engines/scumm/script.cpp')
diff --git a/engines/scumm/script.cpp b/engines/scumm/script.cpp
index eac2061560..a76461f579 100644
--- a/engines/scumm/script.cpp
+++ b/engines/scumm/script.cpp
@@ -1283,7 +1283,8 @@ void ScummEngine::beginCutscene(int *args) {
 	int scr = _currentScript;
 	vm.slot[scr].cutsceneOverride++;
-	if (++vm.cutSceneStackPointer > ARRAYSIZE(vm.cutSceneData))
+	++vm.cutSceneStackPointer;
+	if (vm.cutSceneStackPointer > ARRAYSIZE(vm.cutSceneData))
 		error("Cutscene stack overflow");
 	vm.cutSceneData[vm.cutSceneStackPointer] = args[0];
@@ -1313,6 +1314,9 @@ void ScummEngine::endCutscene() {
 	vm.cutSceneScript[vm.cutSceneStackPointer] = 0;
 	vm.cutScenePtr[vm.cutSceneStackPointer] = 0;
+
+	if (0 == vm.cutSceneStackPointer)
+		error("Cutscene stack underflow");
 	vm.cutSceneStackPointer--;
 	if (VAR(VAR_CUTSCENE_END_SCRIPT))
-- cgit v1.2.3
From a12dada82249cb713e2a9162b26ad3207127726c Mon Sep 17 00:00:00 2001
From: Max Horn
Date: Tue, 5 Apr 2011 11:13:08 +0200
Subject: SCUMM: Fix off-by-one mistakes in out-of-bounds checks; name some constants
---
 engines/scumm/script.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'engines/scumm/script.cpp')
diff --git a/engines/scumm/script.cpp b/engines/scumm/script.cpp
index a76461f579..c481fb8a4e 100644
--- a/engines/scumm/script.cpp
+++ b/engines/scumm/script.cpp
@@ -319,6 +319,9 @@ void ScummEngine::runScriptNested(int script) {
 	updateScriptPtr();
+	if (vm.numNestedScripts >= kMaxScriptNesting)
+		error("Too many nested scripts");
+
 	nest = &vm.nest[vm.numNestedScripts];
 	if (_currentScript == 0xFF) {
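Review bot: The overflow check in beginCutscene still lets the store on the next line write one past the end of `vm.cutSceneData`: after `++vm.cutSceneStackPointer`, a value equal to `ARRAYSIZE(vm.cutSceneData)` passes the `>` test and is then used as the index, so the comparison needs to be `if (vm.cutSceneStackPointer >= ARRAYSIZE(vm.cutSceneData))`. The follow-up commit a12dada82249 on this page makes that correction (as `>= kMaxCutsceneNum`). The `vm.cutSceneScript` and `vm.cutScenePtr` arrays indexed with the same pointer in the endCutscene hunk are exposed to the same off-by-one. beginCutscene's body continues outside the hunk.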
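Review bot: The new nesting check in runScriptNested compares against `kMaxScriptNesting`, while the storage it guards on the line after it is `vm.nest`, whose declared size is not visible here; the check is only as good as that constant staying equal to the array size. Unless the array is declared with the same constant, pin the relation next to the check, e.g. `assert(kMaxScriptNesting == ARRAYSIZE(vm.nest));`, or compare against `ARRAYSIZE(vm.nest)` directly as the removed check did. The beginCutscene, abortCutscene, beginOverride and endOverride hunks of this commit replace `ARRAYSIZE(vm.cutSceneData)` and the literal `5` with `kMaxCutsceneNum` and carry the same coupling. runScriptNested's body continues outside the hunk.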
@@ -334,9 +337,6 @@ void ScummEngine::runScriptNested(int script) {
 	vm.numNestedScripts++;
-	if (vm.numNestedScripts > ARRAYSIZE(vm.nest))
-		error("Too many nested scripts");
-
 	_currentScript = script;
 	getScriptBaseAddress();
 	resetScriptPointer();
@@ -1284,7 +1284,7 @@ void ScummEngine::beginCutscene(int *args) {
 	vm.slot[scr].cutsceneOverride++;
 	++vm.cutSceneStackPointer;
-	if (vm.cutSceneStackPointer > ARRAYSIZE(vm.cutSceneData))
+	if (vm.cutSceneStackPointer >= kMaxCutsceneNum)
 		error("Cutscene stack overflow");
 	vm.cutSceneData[vm.cutSceneStackPointer] = args[0];
@@ -1325,7 +1325,7 @@ void ScummEngine::endCutscene() {
 void ScummEngine::abortCutscene() {
 	const int idx = vm.cutSceneStackPointer;
-	assert(0 <= idx && idx < 5);
+	assert(0 <= idx && idx < kMaxCutsceneNum);
 	uint32 offs = vm.cutScenePtr[idx];
 	if (offs) {
@@ -1344,7 +1344,7 @@ void ScummEngine::abortCutscene() {
 void ScummEngine::beginOverride() {
 	const int idx = vm.cutSceneStackPointer;
-	assert(0 <= idx && idx < 5);
+	assert(0 <= idx && idx < kMaxCutsceneNum);
 	vm.cutScenePtr[idx] = _scriptPointer - _scriptOrgPointer;
 	vm.cutSceneScript[idx] = _currentScript;
@@ -1361,7 +1361,7 @@ void ScummEngine::beginOverride() {
 void ScummEngine::endOverride() {
 	const int idx = vm.cutSceneStackPointer;
-	assert(0 <= idx && idx < 5);
+	assert(0 <= idx && idx < kMaxCutsceneNum);
 	vm.cutScenePtr[idx] = 0;
 	vm.cutSceneScript[idx] = 0;
-- cgit v1.2.3
From 55e65cee8099d91ae4797f7772cb5e459089892a Mon Sep 17 00:00:00 2001
From: Max Horn
Date: Tue, 5 Apr 2011 13:43:54 +0200
Subject: SCUMM: Cleanup
---
 engines/scumm/script.cpp | 22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)
(limited to 'engines/scumm/script.cpp')
diff --git a/engines/scumm/script.cpp b/engines/scumm/script.cpp
index c481fb8a4e..c6c1f5f58f 100644
--- a/engines/scumm/script.cpp
+++ b/engines/scumm/script.cpp
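Review bot: The bounds check in abortCutscene is an `assert`, so in a build with NDEBUG defined it is compiled out and `vm.cutScenePtr[idx]` on the following line is indexed unchecked, whereas beginCutscene in the same commit reports the corresponding overflow with `error()`. If `vm.cutSceneStackPointer` can reach this point from restored engine state or from script data rather than only through beginCutscene (not visible in this hunk), a runtime check is the consistent choice: `if (idx < 0 || idx >= kMaxCutsceneNum)` / `error("Cutscene stack index out of range");`. The beginOverride and endOverride hunks use the same `assert` and would take the same change. Each of these three functions continues outside its hunk.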
@@ -261,8 +261,7 @@ void ScummEngine::stopScript(int script) {
 /* Stop an object script 'script'*/
 void ScummEngine::stopObjectScript(int script) {
 	ScriptSlot *ss;
-	NestedScript *nest;
-	int i, num;
+	int i;
 	if (script == 0)
 		return;
@@ -282,19 +281,14 @@ void ScummEngine::stopObjectScript(int script) {
 		}
 	}
-	nest = vm.nest;
-	num = vm.numNestedScripts;
-
-	while (num > 0) {
-		if (nest->number == script &&
-			(nest->where == WIO_ROOM || nest->where == WIO_INVENTORY || nest->where == WIO_FLOBJECT)) {
-			nukeArrays(nest->slot);
-			nest->number = 0xFF;
-			nest->slot = 0xFF;
-			nest->where = 0xFF;
+	for (i = 0; i < vm.numNestedScripts; ++i) {
+		if (vm.nest[i].number == script &&
+			(vm.nest[i].where == WIO_ROOM || vm.nest[i].where == WIO_INVENTORY || vm.nest[i].where == WIO_FLOBJECT)) {
+			nukeArrays(vm.nest[i].slot);
+			vm.nest[i].number = 0xFF;
+			vm.nest[i].slot = 0xFF;
+			vm.nest[i].where = 0xFF;
 		}
-		nest++;
-		num--;
 	}
 }
-- cgit v1.2.3
From 0ce2ca4e006a70d787481040fa844c85aac43222 Mon Sep 17 00:00:00 2001
From: Max Horn
Date: Tue, 12 Apr 2011 16:53:15 +0200
Subject: COMMON: Replace MKID_BE by MKTAG
MKID_BE relied on unspecified behavior of the C++ compiler, and as such was always a bit unsafe. The new MKTAG macro is slightly less elegant, but does no longer depend on the behavior of the compiler. Inspired by FFmpeg, which has an almost identical macro.
---
 engines/scumm/script.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'engines/scumm/script.cpp')
diff --git a/engines/scumm/script.cpp b/engines/scumm/script.cpp
index c6c1f5f58f..9e02f126cd 100644
--- a/engines/scumm/script.cpp
+++ b/engines/scumm/script.cpp
@@ -174,7 +174,7 @@ int ScummEngine::getVerbEntrypoint(int obj, int entry) {
 	else if (_game.features & GF_SMALL_HEADER)
 		verbptr = objptr + 19;
 	else
-		verbptr = findResource(MKID_BE('VERB'), objptr);
+		verbptr = findResource(MKTAG('V','E','R','B'), objptr);
 	assert(verbptr);
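Review bot: The rewritten loop in stopObjectScript repeats the `vm.nest[i]` subscript six times in its body, where the removed version read through a single `nest` pointer; binding the element once, `NestedScript &ns = vm.nest[i];`, and using `ns.number`, `ns.slot` and `ns.where` keeps the index-based iteration while restoring that readability. The loop variable `i` also stays declared at the top of the function in the first hunk rather than in the `for` header where it is now the only user. The lines between the two hunks are outside this view.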
@@ -921,7 +921,7 @@ void ScummEngine::runExitScript() {
 		// be limiting ourselves to strictly reading the size from the header?
 		if (_game.id == GID_INDY3 && !(_game.features & GF_OLD_BUNDLE)) {
 			byte *roomptr = getResourceAddress(rtRoom, _roomResource);
-			const byte *excd = findResourceData(MKID_BE('EXCD'), roomptr) - _resourceHeaderSize;
+			const byte *excd = findResourceData(MKTAG('E','X','C','D'), roomptr) - _resourceHeaderSize;
 			if (!excd || (getResourceDataSize(excd) < 1)) {
 				debug(2, "Exit-%d is empty", _roomResource);
 				return;
-- cgit v1.2.3
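Review bot: The `!excd` test on the line after the changed one cannot detect a missing EXCD block, because `_resourceHeaderSize` has already been subtracted from whatever `findResourceData` returned; if that call yields NULL (the check and the "Exit-%d is empty" message suggest the author expects it can), the subtraction produces a non-null — and, strictly, undefined — pointer that then passes the check. Split the lookup from the adjustment so the raw result is what gets tested: `const byte *excdData = findResourceData(MKTAG('E','X','C','D'), roomptr);` / `const byte *excd = excdData ? excdData - _resourceHeaderSize : NULL;`, leaving the existing `if (!excd || ...)` unchanged. The defect predates this commit, which only swaps the tag macro on that line. runExitScript's body continues on both sides of the hunk.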