Opened 14 years ago

Closed 14 years ago

Last modified 6 years ago

#9216 closed patch

overflows in agi and parallaction

Reported by: SF/reddwarf69 Owned by: lordhoto
Priority: normal Component: Engine: Parallaction
Version: Keywords:
Cc: Game:

Description

_textColors is 1 byte short since there is code that access it up to kNormalColor (= 2)

The third parameter of strncat is related to the source string, not to the destination one. Use sizeof() to not have the string size hardcoded in two different places. At the end the NULL byte is places 1 byte too far.

Ticket imported from: #3085298. Ticket imported from: patches/1321.

Attachments (1)

scummvm-overflow.patch (1.3 KB ) - added by SF/reddwarf69 14 years ago.
Patch over 1.2.0

Download all attachments as: .zip

Change History (4)

by SF/reddwarf69, 14 years ago

Attachment: scummvm-overflow.patch added

Patch over 1.2.0

comment:1 by lordhoto, 14 years ago

Owner: set to lordhoto
Status: newclosed

comment:2 by lordhoto, 14 years ago

Thanks for your patch. I committed the Parallaction bits now.

I changed the AGI bits to use strlcpy/strlcat instead of the strncpy/strncat though, since those are more intuitive to use (as this shows)

comment:3 by digitall, 6 years ago

Component: Engine: Parallaction
Note: See TracTickets for help on using tickets.