AGI: Fix various CIDs

CID 1350104: regression from graphics rewrite in C64 picture drawing CID 1350101: potential buffer overflow in set.simple command CID 1350112: uninitialized variable in TextMgr CID 1350113: false positive uninitialized variable in SystemUI CID 1350114: potentially uninitialized variable in IIgsSample CID 1350117: false positive uninitialized variable in InventoryMgr CID 1350103: code bug in CGA rendering TextMgr::charAttrib_Set() CID 1350109: false positive in GfxFont::loadFontAmigaPseudoTopaz() CID 1350111: original AGI uninitialized memory issue in SpritesMgr::showObject
2016-02-09 12:47:45 +01:00 · 2016-02-09 12:47:45 +01:00 · f5a83adc01
commit f5a83adc01
parent 01d3d02679
8 changed files with 19 additions and 6 deletions
--- a/engines/agi/font.cpp
+++ b/engines/agi/font.cpp
@ -829,6 +829,10 @@ void GfxFont::loadFontAmigaPseudoTopaz() {
 			assert((topazBitOffset & 7) == 0);

 			topazByteOffset = topazBitOffset >> 3;
+
+			// Security check, although we are working on static const data from within ScummVM
+			assert((topazByteOffset + ((topazHeight - 1) * topazModulo)) < sizeof(fontData_AmigaPseudoTopaz));
+
 			for (uint16 curHeight = 0; curHeight < topazHeight; curHeight++) {
 				*fontData = topazData[topazByteOffset];
 				fontData++;
--- a/engines/agi/inv.cpp
+++ b/engines/agi/inv.cpp
@ -34,6 +34,8 @@ InventoryMgr::InventoryMgr(AgiEngine *agi, GfxMgr *gfx, TextMgr *text, SystemUI
 	_gfx = gfx;
 	_text = text;
 	_systemUI = systemUI;
+
+	_activeItemNr = -1;
 }

 InventoryMgr::~InventoryMgr() {
--- a/engines/agi/op_cmd.cpp
+++ b/engines/agi/op_cmd.cpp
@ -908,7 +908,9 @@ void cmdSetSimple(AgiGame *state, AgiEngine *vm, uint8 *parameter) {

 		// Try to get description for automatic saves
 		textPtr = state->strings[stringNr];
-		strncpy(state->automaticSaveDescription, textPtr, sizeof(state->automaticSaveDescription));
+
+		memset(state->automaticSaveDescription, 0, sizeof(state->automaticSaveDescription));
+		strncpy(state->automaticSaveDescription, textPtr, sizeof(state->automaticSaveDescription) - 1);
 		if (state->automaticSaveDescription[0]) {
 			// We got it and it's set, so enable automatic saving
 			state->automaticSave = true;
--- a/engines/agi/picture.cpp
+++ b/engines/agi/picture.cpp
@ -394,9 +394,6 @@ void PictureMgr::drawPictureC64() {
 			_patCode = getNextByte();
 			plotBrush();
 			break;
-		case 0xfb:
-			draw_LineShort();
-			break;
 		case 0xff: // end of data
 			return;
 		default:
@ -433,6 +430,9 @@ void PictureMgr::drawPictureV1() {
 			_scrOn = true;
 			_priOn = false;
 			break;
+		case 0xfb:
+			draw_LineShort();
+			break;
 		case 0xff: // end of data
 			return;
 		default:
--- a/engines/agi/sound_2gs.cpp
+++ b/engines/agi/sound_2gs.cpp
@ -482,6 +482,8 @@ static bool convertWave(Common::SeekableReadStream &source, int8 *dest, uint len
 IIgsSample::IIgsSample(uint8 *data, uint32 len, int16 resourceNr) : AgiSound() {
 	Common::MemoryReadStream stream(data, len, DisposeAfterUse::YES);

+	_sample = nullptr;
+
 	// Check that the header was read ok and that it's of the correct type
 	if (_header.read(stream) && _header.type == AGI_SOUND_SAMPLE) { // An Apple IIGS AGI sample resource
 		uint32 sampleStartPos = stream.pos();
--- a/engines/agi/sprite.cpp
+++ b/engines/agi/sprite.cpp
@ -394,7 +394,7 @@ void SpritesMgr::showObject(int16 viewNr) {
 	screenObj.yPos_prev = SCRIPT_HEIGHT - 1;
 	screenObj.yPos = screenObj.yPos_prev;
 	screenObj.priority = 15;
-	screenObj.flags |= fFixedPriority;
+	screenObj.flags = fFixedPriority; // Original AGI did "| fFixedPriority" on uninitialized memory
 	screenObj.objectNr = 255; // ???

 	backgroundBuffer = (uint8 *)malloc(screenObj.xSize * screenObj.ySize * 2); // for visual + priority data
--- a/engines/agi/systemui.cpp
+++ b/engines/agi/systemui.cpp
@ -38,6 +38,8 @@ SystemUI::SystemUI(AgiEngine *vm, GfxMgr *gfx, TextMgr *text) {
 	_askForVerificationMouseLockedButtonNr = -1;
 	_askForVerificationMouseActiveButtonNr = -1;

+	clearSavedGameSlots();
+
 	_textStatusScore = "Score:%v3 of %v7";
 	_textStatusSoundOn = "Sound:on";
 	_textStatusSoundOff = "Sound:off";
--- a/engines/agi/text.cpp
+++ b/engines/agi/text.cpp
@ -66,6 +66,7 @@ TextMgr::TextMgr(AgiEngine *vm, Words *words, GfxMgr *gfx) {

 	_inputStringRow = 0;
 	_inputStringColumn = 0;
+	_inputStringEntered = false;
 	_inputStringMaxLen = 0;
 	_inputStringCursorPos = 0;
 	_inputString[0] = 0;
@ -169,7 +170,7 @@ void TextMgr::charAttrib_Set(byte foreground, byte background) {
 			if (background) {
 				_textAttrib.combinedForeground = 3;
 				_textAttrib.combinedBackground = 8; // enable invert of colors
-			} else if (foreground > 14) {
+			} else {
 				if (foreground > 14) {
 					_textAttrib.combinedForeground = 3;
 				} else {