From 35086fe17cb2fee7fc4b91fa720031840d2f2c28 Mon Sep 17 00:00:00 2001
From: md5 <md5@scummvm.org>
Date: Thu, 12 May 2011 12:52:12 +0300
Subject: [PATCH] SCI: Fixed bugs #3299458 and #3295849

---
 engines/sci/engine/gc.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/engines/sci/engine/gc.cpp b/engines/sci/engine/gc.cpp
index 2d71878bda2..9c580dd8dcd 100644
--- a/engines/sci/engine/gc.cpp
+++ b/engines/sci/engine/gc.cpp
@@ -87,7 +87,8 @@ static void processWorkList(SegManager *segMan, WorklistManager &wm, const Commo
 		wm._worklist.pop_back();
 		if (reg.segment != stackSegment) { // No need to repeat this one
 			debugC(kDebugLevelGC, "[GC] Checking %04x:%04x", PRINT_REG(reg));
-			if (reg.segment < heap.size() && heap[reg.segment]) {
+			// We only check for valid offsets here. Fixes bugs #3299458 and #3295849.
+			if (reg.segment < heap.size() && heap[reg.segment] && heap[reg.segment]->isValidOffset(reg.offset)) {
 				// Valid heap object? Find its outgoing references!
 				wm.pushArray(heap[reg.segment]->listAllOutgoingReferences(reg));
 			}