Opened 4 days ago

Closed 4 days ago

#15507 closed defect (fixed)

SCUMM: FT: ScummEngine_v7::displayDialog() copies random garbage to _charsetColorMap

Reported by: eriktorbjorn
Owned by: athrxx
Priority: high
Component: Engine: SCUMM
Version:
Keywords:
Cc:
Game: Full Throttle

Description

I've been trying to hunt down the cause of Valgrind warnings about uninitialized data when saving in Full Throttle, and I finally think I see what happens, even if I still don't know why.

If I start Full Throttle and skip by the intro cutscenes, it ends up calling ScummEngine_v7::displayDialog() while _charset->getCurID() is -1. That means that this code:

```cpp
	if (_game.version == 7)
		memcpy(_charsetColorMap, _charsetData[_charset->getCurID()], _game.id == GID_DIG ? sizeof(_charsetColorMap) : 4);
```

will print whatever is in memory before _charsetData to _charsetColorMap. The same code also appears in ScummEngine_v7::drawBlastTexts() but I don't know if it too can copy random data.

I think this has the potential to be serious enough to warrant a fix before 2.9.0, but I'll admit that this is just a gut feeling.
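The failure mode described above, as an added example that is not ScummVM code and not part of the original ticket: a negative charset id (-1, "no charset selected") used directly as an index into a per-charset table makes memcpy read from one element before the array, which is undefined behaviour and in practice copies whatever happens to sit there. The unchecked copy below mirrors the ticket's snippet; the checked version rejects ids outside the table before indexing and leaves the colour map untouched. The table layout, kNumCharsets, kColorMapSize, the byte-table stand-in for _charsetData and the helper function names are all assumptions made for this example, and the sample data is constructed.

```cpp
// Added example, not ScummVM code. Models the _charsetData / _charsetColorMap
// copy from the ticket and a bounds-checked alternative. kNumCharsets,
// kColorMapSize and the byte-table layout are assumed for illustration.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

namespace example {

constexpr int kNumCharsets = 4;      // assumed number of loaded charsets
constexpr size_t kColorMapSize = 16; // assumed size of _charsetColorMap

// Stand-in for the per-charset data (the real engine stores pointers to the
// loaded font resources). Constructed sample data: charset i is filled with
// 0x10 * (i + 1), so the source of a copy is visible in the result.
struct CharsetTables {
    uint8_t data[kNumCharsets][kColorMapSize];
    CharsetTables() {
        for (int i = 0; i < kNumCharsets; ++i)
            memset(data[i], 0x10 * (i + 1), kColorMapSize);
    }
};

// Mirrors the ticket's unguarded copy. With curId == -1 this indexes one
// element before `data`, which is undefined behaviour; whatever bytes precede
// the table in memory end up in colorMap. Never call it with an unchecked id.
void copyColorMapUnchecked(const CharsetTables &tables, int curId, bool isDig,
                           uint8_t *colorMap) {
    memcpy(colorMap, tables.data[curId], isDig ? kColorMapSize : 4);
}

// Guarded version: validate the id before it is used as an index. Returns
// false and leaves colorMap untouched when no charset is selected (-1) or the
// id is otherwise out of range; the DIG/non-DIG length choice is unchanged.
bool copyColorMapChecked(const CharsetTables &tables, int curId, bool isDig,
                         uint8_t *colorMap) {
    if (curId < 0 || curId >= kNumCharsets)
        return false;
    memcpy(colorMap, tables.data[curId], isDig ? kColorMapSize : 4);
    return true;
}

// Whether the checked copy accepts a given id (hypothetical test helper).
bool checkedCopyAccepts(int curId) {
    CharsetTables tables;
    uint8_t colorMap[kColorMapSize];
    return copyColorMapChecked(tables, curId, false, colorMap);
}

// First byte of a sentinel-filled colour map after the checked copy: 0xAA if
// the copy was refused, otherwise the fill byte of the selected charset.
uint8_t firstByteAfterCheckedCopy(int curId, bool isDig) {
    CharsetTables tables;
    uint8_t colorMap[kColorMapSize];
    memset(colorMap, 0xAA, sizeof(colorMap));
    copyColorMapChecked(tables, curId, isDig, colorMap);
    return colorMap[0];
}

// Number of bytes the checked copy changed: 4 for non-DIG games, the whole
// map for DIG, 0 when the id was rejected.
size_t bytesChangedAfterCheckedCopy(int curId, bool isDig) {
    CharsetTables tables;
    uint8_t colorMap[kColorMapSize];
    memset(colorMap, 0xAA, sizeof(colorMap));
    copyColorMapChecked(tables, curId, isDig, colorMap);
    size_t changed = 0;
    for (size_t i = 0; i < kColorMapSize; ++i)
        if (colorMap[i] != 0xAA)
            ++changed;
    return changed;
}

} // namespace example

int main() {
    // id -1 is refused; ids 0..3 copy 4 bytes (non-DIG) or 16 bytes (DIG).
    for (int id = -1; id <= example::kNumCharsets; ++id)
        printf("id %2d: accepted=%d first=0x%02X changed(DIG)=%zu\n", id,
               example::checkedCopyAccepts(id),
               example::firstByteAfterCheckedCopy(id, false),
               example::bytesChangedAfterCheckedCopy(id, true));
    return 0;
}
```

The point of the guard is that the caller, not memcpy, decides what a missing charset means; the example simply skips the copy, whereas a real fix might instead make sure a charset is selected before displayDialog() or drawBlastTexts() run.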

Change History (4)

comment:1 by eriktorbjorn, 4 days ago

The same thing appears to happen in The Curse of Monkey Island as well, though there it was overwritten by non-random data before it could cause Valgrind warnings on saving.

comment:2 by AndywinXp, 4 days ago

Priority: normal → blocker

comment:3 by AndywinXp, 4 days ago

Priority: blocker → high

comment:4 by AndywinXp, 4 days ago

Owner: set to athrxx
Resolution: fixed
Status: new → closed