Opened 17 months ago
Closed 17 months ago
#13935 closed defect (fixed)
SCUMM: FT: drawCharV7() buffer-overflow during ending credits (ASAN)
| Reported by: | dwatteau | Owned by: | dwatteau |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCUMM |
| Version: | Keywords: | ASAN, drawCharV7 | |
| Cc: | Game: | Full Throttle |
Description
ASAN (clang++ 14) detected this when the text scrolls during the ending credits to Full Throttle (Git HEAD build). Impacted char was a \x8a, which is an "รจ".
...
SUMMARY: AddressSanitizer: heap-buffer-overflow charset.cpp:2024 in Scumm::CharsetRendererV7::drawCharV7(unsigned char*, Common::Rect&, int, int, int, short, Scumm::TextStyleFlags, unsigned char)
frame #5: 0x00000001002d101b scummvm`Scumm::CharsetRendererV7::drawCharV7(this=0x000060e000083ec0, buffer="##############################################################################################################", clipRect=0x000063200001330e, x=134, y=0, pitch=320, col=146, flags=kStyleAlignCenter, chr='\x8a') at charset.cpp:2024:10
2021 for (int dx = x; dx < x + _origWidth; ++dx) {
2022 byte color = (bits >> (8 - bpp)) & 0xFF;
2023 if (color && dx >= 0 && dx < x + width && y >= 0)
-> 2024 *dst = cmap[color];
2025 dst++;
2026 bits <<= bpp;
2027 numbits -= bpp;
...
Full trace attached below. I've tried having a look at it myself, but couldn't figure out the issue.
Nothing urgent!
Attachments (2)
Change History (3)
by , 17 months ago
| Attachment: | ft-asan-drawCharV7-credits.txt added |
|---|
by , 17 months ago
Savegame triggering the issue (made on PS3, fwiw); French FT
comment:1 by , 17 months ago
| Owner: | set to |
|---|---|
| Resolution: | โ fixed |
| Status: | new โ closed |
Fixed by athrxx in commit 64a93af9ab10232b960ceafdda2d56334c759d03. Thanks!
Note:
See TracTickets
for help on using tickets.
ASAN trace