Context Navigation

← Previous Ticket
Next Ticket →

#10322 closed defect (fixed)

FULLPIPE: Map screen, array OOB access

Reported by:	bgK	Owned by:	bgK
Priority:	blocker	Component:	Engine: NGI
Version:		Keywords:	has-backtrace
Cc:		Game:	Full Pipe

Description

ScummVM: 64c88d4c4fd069dae321cc576259ef88a7cb2b78
Game: German full version

Steps to reproduce:

From the beginning of the game, enter the left pipe to the room with the creatures playing dominoes
Click on '2' on the elevator control panel
While the elevator is moving up, open the map

scummvm: ../common/array.h:192: T& Common::Array<T>::operator[](Common::Array<T>::size_type) [with T = Fullpipe::BigPicture*; Common::Array<T>::size_type = unsigned int]: Assertion `idx < _size' failed.
(gdb) bt full
#3  0x00007ffff40e3153 in __assert_fail () from /usr/lib/libc.so.6
#4  0x00005555556bd6b6 in Common::Array<Fullpipe::BigPicture*>::operator[] (this=0x611000586068, idx=3) at ../common/array.h:192
        __PRETTY_FUNCTION__ = "T& Common::Array<T>::operator[](Common::Array<T>::size_type) [with T = Fullpipe::BigPicture*; Common::Array<T>::size_type = unsigned int]"
#5  0x00005555556dbf51 in Fullpipe::Background::getBigPicture (this=0x611000586000, x=0, y=1) at ../engines/fullpipe/gfx.h:217
#6  0x0000555555757671 in Fullpipe::Scene::drawContent (this=0x611000586000, minPri=60000, maxPri=0, drawBg=true)
    at ../engines/fullpipe/scene.cpp:722
        v27 = 0x7fff05050640
        y = 600
        v25 = 1
        oldx = 800
        bgStX = 306
        bgNumX = 0
        bgOffsetX = 306
        bgStY = 684
        bgNumY = 1
        bgOffsetY = 84
        bgPosX = 0
        width = 1600
        height = 600
        dims = {x = 1600, y = 1285}
#7  0x000055555575544d in Fullpipe::Scene::draw (this=0x611000586000) at ../engines/fullpipe/scene.cpp:511
        priority = -18320
#8  0x0000555555700228 in Fullpipe::ModalMap::update (this=0x60b00019f860) at ../engines/fullpipe/modal.cpp:587
#9  0x000055555569a859 in Fullpipe::FullpipeEngine::updateScreen (this=0x61e000020480) at ../engines/fullpipe/fullpipe.cpp:485
#10 0x0000555555698201 in Fullpipe::FullpipeEngine::run (this=0x61e000020480) at ../engines/fullpipe/fullpipe.cpp:303
        time2 = 244362
        format = {bytesPerPixel = 4 '\004', rLoss = 0 '\000', gLoss = 0 '\000', bLoss = 0 '\000', aLoss = 0 '\000', rShift = 24 '\030', 
          gShift = 16 '\020', bShift = 8 '\b', aShift = 0 '\000'}
        scene = 0
        time1 = 244362

Change History (2)

comment:1 by bgK, 7 years ago

Owner:	set to bgK
Resolution:	→ fixed
Status:	new → closed

Fixed in 694990e712598f

comment:2 by digitall, 4 years ago

Component:	Engine: Fullpipe → Engine: NGI

Note: See TracTickets for help on using tickets.

Download in other formats: