Opened 12 years ago
Closed 12 years ago
#5987 closed defect (fixed)
TSAGE: Out of bound access
| Reported by: | fingolfin | Owned by: | Strangerke |
|---|---|---|---|
| Priority: | normal | Component: | Engine: TsAGE |
| Version: | Keywords: | ||
| Cc: | Game: | Ringworld: Revenge of the Patriarch |
Description
Compiling ScummVM with clang uncovered the following out-of-bound pokes in tsage:
C++ engines/tsage/ringworld2/ringworld2_scenes1.o ../../engines/tsage/ringworld2/ringworld2_scenes1.cpp:11435:2: error: array index of '771' indexes past the end of an array (that contains 768 elements) [-Werror,-Warray-bounds] R2_GLOBALS._scenePalette._palette[771] = 255; ^ ~~~ ../../engines/tsage/globals.h:123:20: note: instantiated from: #define R2_GLOBALS (*((::TsAGE::Ringworld2::Ringworld2Globals *)g_globals)) ^ ../../engines/tsage/core.h:358:2: note: array '_palette' declared here byte _palette[256 * 3]; ^ ../../engines/tsage/ringworld2/ringworld2_scenes1.cpp:11436:2: error: array index of '772' indexes past the end of an array (that contains 768 elements) [-Werror,-Warray-bounds] R2_GLOBALS._scenePalette._palette[772] = 255; ^ ~~~ ../../engines/tsage/globals.h:123:20: note: instantiated from: #define R2_GLOBALS (*((::TsAGE::Ringworld2::Ringworld2Globals *)g_globals)) ^ ../../engines/tsage/core.h:358:2: note: array '_palette' declared here byte _palette[256 * 3]; ^ ../../engines/tsage/ringworld2/ringworld2_scenes1.cpp:11437:2: error: array index of '773' indexes past the end of an array (that contains 768 elements) [-Werror,-Warray-bounds] R2_GLOBALS._scenePalette._palette[773] = 255; ^ ~~~ ../../engines/tsage/globals.h:123:20: note: instantiated from: #define R2_GLOBALS (*((::TsAGE::Ringworld2::Ringworld2Globals *)g_globals)) ^ ../../engines/tsage/core.h:358:2: note: array '_palette' declared here byte _palette[256 * 3]; ^ 3 errors generated.
Ticket imported from: #3492133. Ticket imported from: bugs/5987.
Change History (6)
comment:1 by , 12 years ago
| Owner: | set to |
|---|
comment:2 by , 12 years ago
comment:3 by , 12 years ago
Strangerke: Either this is a minor numeric error or this is actually an access beyond the end of the _palette member to access say GfxColors or the Listeners? Can you confirm...
comment:4 by , 12 years ago
@tdhs: Note that the clang warning I posted even points to the definition of _palette, and even shows that it is defined as 768 byte array ;). clang diagnostics are *really* good :)
comment:5 by , 12 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Checked the code... The scenePalette._pallete member is defined in the engines/tsage/core.h header and is of size 256 * 3 = 768... so these 771, 772, 773 accesses in engines/tsage/ringworld2/ringworld2_scenes1.cpp lines 11435-7 are wrong..