DRASCULA: Add fix for crash/OOB memory accesses in bug #3440895

This bug is "DRASCULA-IT: Crash/graphic glitch at castle towers".
The crash was due to width and height values being passed to
copyBackground() being invalid due to out of bounds read from
the factor_red array. This adds debugging statements and fixes
the crash by clipping accesses to the maximum index of factor_red.

This does not, however, fix the observed GFX glitch; it only stops
the glitch from ending in a segfault.
D G Turner 2011-11-25 06:30:10 +00:00
parent c451bd4340
commit a0dbe45a45
2 changed files with 14 additions and 12 deletions


@ -154,6 +154,7 @@ void DrasculaEngine::showFrame(Common::SeekableReadStream *stream, bool firstFra
}
void DrasculaEngine::copyBackground(int xorg, int yorg, int xdes, int ydes, int width, int height, byte *src, byte *dest) {
debug(1, "DrasculaEngine::copyBackground(xorg:%d, yorg:%d, xdes:%d, ydes:%d width:%d height:%d, src, dest)", xorg, yorg, xdes, ydes, width,height);
dest += xdes + ydes * 320;
src += xorg + yorg * 320;
/* Unoptimized code
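Review bot: The added trace in copyBackground() reports width and height, but the function still trusts them: the `dest += xdes + ydes * 320` and `src += xorg + yorg * 320` adjustments right after it run with whatever the caller passed, and the commit message says invalid width/height values are what crashed here. A check at this sink would cover any caller that has not been clamped, for example `assert(width >= 0 && height >= 0 && xorg + width <= 320 && xdes + width <= 320);` before the pointer arithmetic (or an early return, if builds without asserts must be covered). A matching bound on the rows needs the surface height, which is not visible in this hunk. The trace sits at debug level 1 in what looks like a frequently called blit, so a higher level may be less noisy, and `width,height` is missing a space. The rest of the function body lies outside the hunk.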


@ -372,6 +372,7 @@ void DrasculaEngine::talk(int index) {
}
void DrasculaEngine::talk(const char *said, const char *filename) {
debug(1, "DrasculaEngine::talk(said:\"%s\", filename:\"%s\")", said, filename);
int talkOffset = 0;
if (currentChapter != 2)
talkOffset = 1;
@ -414,8 +415,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
if (currentChapter == 2)
copyBackground(curX, curY, OBJWIDTH + 1, 0, curWidth, talkHeight - 1, screenSurface, drawSurface3);
else
copyBackground(curX, curY, OBJWIDTH + 1, 0, (int)(((float)curWidth / 100) * factor_red[curY + curHeight]),
(int)(((float)(talkHeight - 1) / 100) * factor_red[curY + curHeight]),
copyBackground(curX, curY, OBJWIDTH + 1, 0, (int)(((float)curWidth / 100) * factor_red[MIN(201, curY + curHeight)]),
(int)(((float)(talkHeight - 1) / 100) * factor_red[MIN(201, curY + curHeight)]),
screenSurface, drawSurface3);
moveCharacters();
@ -424,8 +425,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
if (!strcmp(menuBackground, "99.alg") || !strcmp(menuBackground, "994.alg"))
copyBackground(OBJWIDTH + 1, 0, curX, curY, curWidth, talkHeight - 1, drawSurface3, screenSurface);
} else {
copyBackground(OBJWIDTH + 1, 0, curX, curY, (int)(((float)curWidth / 100) * factor_red[curY + curHeight]),
(int)(((float)(talkHeight - 1) / 100) * factor_red[curY + curHeight]),
copyBackground(OBJWIDTH + 1, 0, curX, curY, (int)(((float)curWidth / 100) * factor_red[MIN(201, curY + curHeight)]),
(int)(((float)(talkHeight - 1) / 100) * factor_red[MIN(201, curY + curHeight)]),
drawSurface3, screenSurface);
}
@ -434,8 +435,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
copyRect(x_talk_izq[face], y_mask_talk, curX + 8, curY - 1, talkWidth, talkHeight,
extraSurface, screenSurface);
else
reduce_hare_chico(x_talk_izq[face], y_mask_talk, curX + (int)((8.0f / 100) * factor_red[curY + curHeight]),
curY, talkWidth, talkHeight, factor_red[curY + curHeight],
reduce_hare_chico(x_talk_izq[face], y_mask_talk, curX + (int)((8.0f / 100) * factor_red[MIN(201, curY + curHeight)]),
curY, talkWidth, talkHeight, factor_red[MIN(201, curY + curHeight)],
extraSurface, screenSurface);
updateRefresh();
@ -444,8 +445,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
copyRect(x_talk_dch[face], y_mask_talk, curX + 12, curY, talkWidth, talkHeight,
extraSurface, screenSurface);
else
reduce_hare_chico(x_talk_dch[face], y_mask_talk, curX + (int)((12.0f / 100) * factor_red[curY + curHeight]),
curY, talkWidth, talkHeight, factor_red[curY + curHeight], extraSurface, screenSurface);
reduce_hare_chico(x_talk_dch[face], y_mask_talk, curX + (int)((12.0f / 100) * factor_red[MIN(201, curY + curHeight)]),
curY, talkWidth, talkHeight, factor_red[MIN(201, curY + curHeight)], extraSurface, screenSurface);
updateRefresh();
} else if (trackProtagonist == 2) {
if (currentChapter == 2)
@ -453,8 +454,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
frontSurface, screenSurface);
else
reduce_hare_chico(x_talk_izq[face], y_mask_talk,
talkOffset + curX + (int)((12.0f / 100) * factor_red[curY + curHeight]),
curY, talkWidth, talkHeight, factor_red[curY + curHeight],
talkOffset + curX + (int)((12.0f / 100) * factor_red[MIN(201, curY + curHeight)]),
curY, talkWidth, talkHeight, factor_red[MIN(201, curY + curHeight)],
frontSurface, screenSurface);
updateRefresh();
} else if (trackProtagonist == 3) {
@ -463,8 +464,8 @@ void DrasculaEngine::talk(const char *said, const char *filename) {
frontSurface, screenSurface);
else
reduce_hare_chico(x_talk_dch[face], y_mask_talk,
talkOffset + curX + (int)((8.0f / 100) * factor_red[curY + curHeight]),
curY, talkWidth,talkHeight, factor_red[curY + curHeight],
talkOffset + curX + (int)((8.0f / 100) * factor_red[MIN(201, curY + curHeight)]),
curY, talkWidth,talkHeight, factor_red[MIN(201, curY + curHeight)],
frontSurface, screenSurface);
updateRefresh();
}
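Review bot: `MIN(201, curY + curHeight)` bounds the factor_red index only from above, so a negative `curY + curHeight` would still read before the start of the array. Whether that sum can go negative is not visible in these hunks, but `CLIP(curY + curHeight, 0, 201)` closes both ends at the same cost. The literal 201 appears in all twelve changed lines across the six hunks from -414 to -463, and only the commit message ties it to the array's size. A named constant derived from the declaration (for instance `ARRAYSIZE(factor_red) - 1`, if factor_red is a plain array) would keep the clamp correct if the table changes. Because the clamp masks the bad coordinate rather than correcting it, a `warning()` when the index is out of range would help locate the remaining glitch the description mentions. talk() begins and ends outside these hunks.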