libretro/scummvm
1
0
Fork 0
mirror of https://github.com/libretro/scummvm.git synced 2025-01-20 00:45:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed a potential bug that could cause memory to be read out-of-bounds.

Browse Source 
(Unfortunately, this does not fix the Kyra bug I'm looking for.)

In the most extreme case:

* DR and RR will point to &DR_TABLE[60], and AR will point to &AR_TABLE[60]
* SLOT->KSR will be 0
* CH->kcode will be 15

In that case, it will attempt to access AR[15], RR[15] and DR[15], i.e.
AR_TABLE[75] and DR_TABLE[75]. So these arrays need to be 76 elements, not 75.

We used to initialise element 75, but this was changed to 74 to match the size
of the arrays. Buf if my reasoning is correct, it was the arrays that were too
small.

svn-id: r21301
This commit is contained in:
Torbjörn Andersson 2006-03-14 20:09:32 +00:00
parent c12a5a35be
commit 59b6f0f715
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sound/fmopl.cpp
View File

@ -587,7 +587,7 @@ static void init_timetables(FM_OPL *OPL, int ARRATE, int DRRATE) {
OPL->AR_TABLE[i] = (int)(rate / ARRATE);
OPL->DR_TABLE[i] = (int)(rate / DRRATE);
}
for (i = 60; i < 75; i++) {
for (i = 60; i < 76; i++) {
OPL->AR_TABLE[i] = EG_AED-1;
OPL->DR_TABLE[i] = OPL->DR_TABLE[60];
}

4
sound/fmopl.h
View File

@ -119,8 +119,8 @@ typedef struct fm_opl_f {
uint8 rythm; /* Rythm mode , key flag */
/* time tables */
int AR_TABLE[75]; /* atttack rate tables */
int DR_TABLE[75]; /* decay rate tables */
int AR_TABLE[76]; /* atttack rate tables */
int DR_TABLE[76]; /* decay rate tables */
uint FN_TABLE[1024];/* fnumber -> increment counter */
/* LFO */