SCI: Fix buffer overflow when loading Korean font

Fixes bug #11966
sluicebox 2020-11-21 00:51:04 -08:00
parent 6fefa0d9b5
commit b5241be248


@ -296,6 +296,10 @@ bool FontKoreanSVM::loadData(const char *fontFile) {
uint numChars16x16 = data->readUint16BE();
uint numChars8x16 = data->readUint16BE();
uint numChars8x8 = data->readUint16BE();
if (data->err()) {
delete data;
return false;
}
if (_fontWidth == 16) {
_fontData16x16Size = numChars16x16 * 32;
@ -304,10 +308,12 @@ bool FontKoreanSVM::loadData(const char *fontFile) {
data->read(_fontData16x16, _fontData16x16Size);
_fontData8x16Size = numChars8x16 * 16;
_fontData8x16 = new uint8[numChars8x16 * 16];
_fontData8x16 = new uint8[_fontData8x16Size];
assert(_fontData8x16);
for (uint i=0; i < _fontData8x16Size; i++)
data->read(&_fontData8x16[i], 2);
for (uint i = 0; i < _fontData8x16Size; ++i) {
_fontData8x16[i] = data->readByte();
data->skip(1);
}
} else {
data->skip(numChars16x16 * 32);
data->skip(numChars8x16 * 32);
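Review bot: The new `data->err()` check guards only the three header counts; the payload reads that follow, `data->read(_fontData16x16, _fontData16x16Size)` and the rewritten `readByte()`/`skip(1)` loop, are never checked, so a font file shorter than its header claims would leave `_fontData8x16` partly filled and, as far as these lines show, still count as loaded. I would repeat the check once the loop is done, `if (data->err() || data->eos()) { delete data; return false; }`, and release whatever buffers are already allocated at that point. If `data` is a Common::ReadStream, a read past the end of the file sets `eos()` rather than `err()`, so the header check probably wants `|| data->eos()` as well; this should be confirmed against the stream class. loadData() starts and ends outside the hunks, so a later check or cleanup path may already exist there.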