#3882 closed defect (fixed)
OS: Assert starting demo (regression)
| Reported by: | Kirben | Owned by: | SF/buddha_ |
|---|---|---|---|
| Priority: | normal | Component: | Engine: Cine |
| Version: | Keywords: | ||
| Cc: | Game: | Operation Stealth |
Description
ScummVM 0.13.0svn (Aug 19 2008 09:16:45) Compiled under mingw with GCC 4.2.1-dw2 Running on Windows XP Media Center 2005 Edition Amiga demo of Operation Stealth
The following assert is triggered when starting the Amiga demo of Operation Stealth: Assertion failed: idx >= 0 && (uint)idx < _size, file ./common/array.h, line 89
This problem is specific to ScummVM 0.13.0svn, and doesn't occur in the ScummVM 0.12.0pre branch.
Ticket imported from: #2058539. Ticket imported from: bugs/3882.
Change History (5)
comment:1 by , 16 years ago
| Summary: | OP: Assert starting demo (regression) → OS: Assert starting demo (regression) |
|---|
comment:2 by , 16 years ago
comment:3 by , 16 years ago
Fixed the font loading to handle all the known font versions. There are at least versions with 78, 85, 90 and 93 characters (e.g. German versions of Future Wars and Operation Stealth usually have a bit different font that includes support for additional characters used in the German language).
Fixed in the trunk with revision 34065: http://scummvm.svn.sourceforge.net/scummvm/?rev=34065&view=rev
Fixed in branch-0-12-0 with revision 34066: http://scummvm.svn.sourceforge.net/scummvm/?rev=34066&view=rev
P.S. The fix may possibly also fix bug #2019344: https://sourceforge.net/tracker/index.php?func=detail&aid=2019344&group_id=37116&atid=418820 i.e. "FW: crash with Amiga Italian version (photocopy room)", but not sure about that because I couldn't reproduce the bug myself.
comment:4 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
comment:5 by , 5 years ago
| Component: | --Unset-- → Engine: Cine |
|---|---|
| Game: | → Operation Stealth |
There was an out of bounds access happening before too but it just went unnoticed, now at least there's an indication that something bad is happening and voila, now we have a bug report :-). That's good.
The access problem happens in loadTextData("texte.dat") in engines/cine/texte.cpp near the function's end on this line: gfxConvertSpriteToRaw(g_cine->_textHandler.textTable[i][0], &source[i * bytesPerCharacter], fontWidth, fontHeight); where data is tried to read out of bounds from the source array.
Source array's size is 4992 bytes. Current code assumes in this particular case that there is at least numCharacters * fontWidth * fontHeight bytes in the source and as numCharacters = 90, fontWidth = 8, fontHeight = 8 here it assumes there's at least 90 * 8 * 8 = 5760 bytes in the source.
The assumed source size (5760 bytes) is larger than the actual source size (4992 bytes) so therefore there's an out of bounds access happening here.
So apparently the font loading isn't quite correct yet.