From 0c2ab7182966b1897413e145fe80b95fca454edc Mon Sep 17 00:00:00 2001
From: Martin Kiewitz
Date: Fri, 30 Oct 2009 10:06:35 +0000
Subject: SCI: kStrAt / dont do call, when offset exceeds maxSize. fixes crash
 in kq5

svn-id: r45530
---
 engines/sci/engine/kstring.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'engines')

diff --git a/engines/sci/engine/kstring.cpp b/engines/sci/engine/kstring.cpp
index 8e4f72631b..db218f5097 100644
--- a/engines/sci/engine/kstring.cpp
+++ b/engines/sci/engine/kstring.cpp
@@ -309,8 +309,11 @@ reg_t kStrAt(EngineState *s, int argc, reg_t *argv) {
 		newvalue = argv[2].toSint16();
 
 	if (dest_r.isRaw) {
-		// FIXME: in kq5 this here gets called with offset = 0xFFFF, we should implement maxSize check in here
-		//  i dont know the exact behaviour, so i dont know how to do this correctly
+		// in kq5 this here gets called with offset 0xFFFF
+		if ((int)offset > dest_r.maxSize) {
+			warning("kStrAt offset %X exceeds maxSize", offset);
+			return s->r_acc;
+		}
 		value = dest_r.raw[offset];
 		if (argc > 2) /* Request to modify this char */
 			dest_r.raw[offset] = newvalue;
-- 
cgit v1.2.3