Opened 19 years ago
Closed 19 years ago
#2261 closed defect (fixed)
BS1: crash in load game dialog
| Reported by: | wjp | Owned by: | eriktorbjorn |
|---|---|---|---|
| Priority: | normal | Component: | Engine: Sword1 |
| Version: | Keywords: | ||
| Cc: | Game: | Broken Sword 1 |
Description
If you have less than 8 savegames and press the page down button in the restore game dialog, the game crashes instantly.
Cause: saveNameScroll sets maxScroll to the number of savegames, e.g., 1., and this causes _saveScrollPos to be set to -7, which is translated to 249 because it's a uint8. Trying to print the savegame name then corrupts overflows the 40 byte string buffer, corrupts the stack, and crashes.
Possible fixes: Add "if (maxScroll < 8) maxScroll = 8;" after setting maxScroll in saveNameScroll().
Alternatively, don't try to scroll at all if _saveFiles < 8.
Ticket imported from: #1327972. Ticket imported from: bugs/2261.
Change History (2)
comment:1 by , 19 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:2 by , 19 years ago
Note:
See TracTickets
for help on using tickets.
Should be fixed in CVS now. Thanks again!