SCI: Truncate channel data in case it goes beyond resource size

Fixes invalid memory access during kq5 floppy ending
2025-01-01 15:09:47 +00:00 · 2016-03-08 03:36:02 +01:00 · 2016-03-08 03:36:02 +01:00 · 6779340b24
commit 6779340b24
parent 343f1c7f8b
1 changed files with 6 additions and 0 deletions
--- a/engines/sci/resource_audio.cpp
+++ b/engines/sci/resource_audio.cpp
@ -688,6 +688,12 @@ SoundResource::SoundResource(uint32 resourceNr, ResourceManager *resMan, SciVers

 					channel->data = resource->data + dataOffset;
 					channel->size = READ_LE_UINT16(data + 4);
+
+					if (dataOffset + channel->size > resource->size) {
+						warning("Invalid size inside sound resource %d: track %d, channel %d", resourceNr, trackNr, channelNr);
+						channel->size = resource->size - dataOffset;
+					}
+
 					channel->curPos = 0;
 					channel->number = *channel->data;