From bba7ab786bd47d259dac5254c03b1b0f56a7e890 Mon Sep 17 00:00:00 2001
From: Peter Kohaut
Date: Sun, 17 Mar 2019 20:25:37 +0100
Subject: BLADERUNNER: Fixed integer underflow for Russian videos

---
 engines/bladerunner/vqa_decoder.cpp | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'engines')

diff --git a/engines/bladerunner/vqa_decoder.cpp b/engines/bladerunner/vqa_decoder.cpp
index 38d3fd4744..ddd6c98abd 100644
--- a/engines/bladerunner/vqa_decoder.cpp
+++ b/engines/bladerunner/vqa_decoder.cpp
@@ -347,10 +347,12 @@ bool VQADecoder::readVQHD(Common::SeekableReadStream *s, uint32 size) {
 bool VQADecoder::VQAVideoTrack::readVQFR(Common::SeekableReadStream *s, uint32 size, uint readFlags) {
 	IFFChunkHeader chd;
 
-	while (size >= 8) {
+	signed int sizeLeft = size; // we have to use signed int to avoid underflow
+
+	while (sizeLeft >= 8) {
 		if (!readIFFChunkHeader(s, &chd))
 			return false;
-		size -= roundup(chd.size) + 8;
+		sizeLeft -= roundup(chd.size) + 8;
 
 		bool rc = false;
 		switch (chd.id) {
@@ -663,10 +665,12 @@ void VQADecoder::VQAVideoTrack::decodeVideoFrame(Graphics::Surface *surface, boo
 bool VQADecoder::VQAVideoTrack::readVQFL(Common::SeekableReadStream *s, uint32 size, uint readFlags) {
 	IFFChunkHeader chd;
 
-	while (size >= 8) {
+	signed int sizeLeft = size; // we have to use signed int to avoid underflow
+
+	while (sizeLeft >= 8) {
 		if (!readIFFChunkHeader(s, &chd))
 			return false;
-		size -= roundup(chd.size) + 8;
+		sizeLeft -= roundup(chd.size) + 8;
 
 		bool rc = false;
 		switch (chd.id) {
-- 
cgit v1.2.3