libretro/scummvm
1
0
Fork 0
mirror of https://github.com/libretro/scummvm.git synced 2024-12-16 14:50:17 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

CGE2: Fix heap buffer overflow

Browse Source 
This was reported by address-sanitizer.
When the command is kCmdGhost, the Sprite pointer is not a valid
sprite, and trying to access its content causes a buffer overflow.
In normal usage it was not causing issues as while it reads some
random values in memory, this was then ignore.
This commit is contained in:
Thierry Crozat 2021-07-21 22:27:20 +01:00
parent 1ac7d01101
commit fc024141b7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
engines/cge2/snail.cpp
View File

@ -103,7 +103,7 @@ void CommandHandler::runCommand() {
spr = (tailCmd._ref < 0) ? ((Sprite *)tailCmd._spritePtr) : _vm->locate(tailCmd._ref);
Common::String sprStr;
if (spr && *spr->_file && (tailCmd._commandType != kCmdGhost))
if (tailCmd._commandType != kCmdGhost && spr && *spr->_file)
// In case of kCmdGhost _spritePtr stores a pointer to a Bitmap, not to a Sprite...
sprStr = Common::String(spr->_file);
else