#529 closed defect (fixed)
class Sound: writing past array bounds
| Reported by: | SF/sir_kill_a_lot | Owned by: | fingolfin |
|---|---|---|---|
| Priority: | normal | Component: | Engine: SCUMM |
| Version: | Keywords: | ||
| Cc: | Game: | Day of the Tentacle |
Description
ScummVM 0.2.7 CVS, Built on Oct 31 2002 07:14:27 (sound.cpp rev. 1.48)
I've discovered this bug while playing DOTT (German Talkie, using monster.sou) on Win32. After the second sentence in the first cutscene in the future all sound effects were gone, only the music played on. Instead of playing the sounds, the console said "WARNING: startTalkSound: did not find sound at offset xxxxxxxxx !!", I had to restart ScummVM to fix that.
I set a breackpoint in "Sound::startTalkSound" in scumm/sound.cpp and saw, that "_mouthSyncTimes" was written beyond its bounds. "_mouthSyncTimes" has 52 elements but "num" was set to 55. So the line "_mouthSyncTimes[i] = 0xFFFF;" after the loop actually changed the var "offset_table" and caused the warnings.
This array should be resized (why was its size initially set to 52?) and perhaps the range checked or something like that...
I attached a savegame of the cutscene, but it works only for the german version (probably this bug doesn't occur in the english one, german sentences/words are mostly longer)
Ticket imported from: #633082. Ticket imported from: bugs/529.
Attachments (1)
Change History (5)
by , 21 years ago
| Attachment: | tentacle.s06 added |
|---|
comment:1 by , 21 years ago
I am not sure how we derive the size of that array anyway, but I increased it to 64 entries (28 additional bytes shouldn't hurt us after all :- ). Hopefully that fixes the issue. I also added some asserts to make it easier to detect such issues in the future.
comment:2 by , 21 years ago
| Owner: | set to |
|---|---|
| Resolution: | → fixed |
| Status: | new → closed |
comment:3 by , 21 years ago
ScummVM 0.2.7 CVS Built on Nov 6 2002 04:00:55 Yes works perfectly, thx for fixing that.
comment:4 by , 5 years ago
| Component: | --Unset-- → Engine: SCUMM |
|---|---|
| Game: | → Day of the Tentacle |
Savegame (German)