From 86f489db27e941dee4924c736b172559cbd9d6f0 Mon Sep 17 00:00:00 2001
From: Alexey Yakovenko
Date: Wed, 6 Oct 2010 21:51:31 +0200
Subject: fixed a pile of memory errors in adplug
---
 plugins/adplug/adplug/adl.cpp | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'plugins/adplug')
diff --git a/plugins/adplug/adplug/adl.cpp b/plugins/adplug/adplug/adl.cpp
index 66f1d227..13ddd222 100644
--- a/plugins/adplug/adplug/adl.cpp
+++ b/plugins/adplug/adplug/adl.cpp
@@ -282,7 +282,11 @@ public:
 }
 uint8 *getInstrument(int instrumentId) {
- return _soundData + READ_LE_UINT16(_soundData + 500 + 2 * instrumentId);
+ int offset = READ_LE_UINT16(_soundData + 500 + 2 * instrumentId);
+ if (offset == 0xffff) {
+ return NULL;
+ }
+ return _soundData + offset;
 }
 void setupPrograms();
@@ -423,7 +427,7 @@ public:
 uint8 *_soundData;
 uint8 _soundIdTable[0x10];
- Channel _channels[10];
+ Channel _channels[0xff]; // FIXME: this array must be of size 10, but some files attempt to index >200, so this is a temporary fix to avoid invalid writes
 uint8 _vibratoAndAMDepthBits;
 uint8 _rhythmSectionBits;
@@ -997,6 +1001,9 @@ void AdlibDriver::setupNote(uint8 rawNote, Channel &channel, bool flag) {
 }
 void AdlibDriver::setupInstrument(uint8 regOffset, uint8 *dataptr, Channel &channel) {
+ if (!dataptr) {
+ return;
+ }
 debugC(9, kDebugLevelSound, "setupInstrument(%d, %p, %lu)", regOffset, (const void *)dataptr, (long)(&channel - _channels));
 // Amplitude Modulation / Vibrato / Envelope Generator Type /
 // Keyboard Scaling Rate / Modulator Frequency Multiple
@@ -2278,6 +2285,10 @@ void CadlPlayer::play(uint8_t track) {
 if (soundId == 0xff || !_soundDataPtr)
 return;
 soundId &= 0xFF;
+ int offset = READ_LE_UINT16(_driver->_soundData + 2 * soundId);
+ if (offset == 0xffff) {
+ return;
+ }
 _driver->callback(16, 0);
 // while ((_driver->callback(16, 0) & 8)) {
 // We call the system delay and not the game delay to avoid concurrency issues.
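Review bot: In getInstrument only the 0xffff sentinel is rejected; any other 16-bit offset read from the table is still added to `_soundData` unchecked, and `instrumentId` is not range-checked before the table read at `500 + 2 * instrumentId`. A truncated or malformed file can therefore still yield a pointer past the loaded data. If the driver knows the length of the sound data (not visible in this hunk), compare against it, e.g. `if (offset == 0xffff || offset >= <sound data size>) return NULL;`. The same sentinel-only test is added in CadlPlayer::play and CadlPlayer::update further down. The new NULL return is handled in setupInstrument by this commit; any other callers of getInstrument are outside the diff and would need the same guard.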
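Review bot: `Channel _channels[0xff];` has 255 elements, so index 255 is still out of bounds; if the channel index is a single byte taken from the file, as the FIXME suggests, one value can still write past the array. `Channel _channels[0x100];` would close that gap as a stop-gap. The durable fix is to reject an index `>= 10` where it is read from the song data, which is outside this hunk, so that malformed input is refused rather than absorbed by padding.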
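Review bot: The lookup added to CadlPlayer::play dereferences `_driver->_soundData`, while the guard just above it tests `_soundDataPtr`; whether the two always refer to the same loaded buffer is not visible in this hunk. A check such as `if (!_driver->_soundData) return;` before the read, or a comment stating the invariant, would make the new lines safe on their own. The identical lookup-and-sentinel sequence is repeated in CadlPlayer::update, so a small private helper returning the offset or a failure flag would keep the two copies in step. play's body continues outside the hunk.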
@@ -2410,6 +2421,15 @@ unsigned int CadlPlayer::getsubsongs()
 bool CadlPlayer::update()
 {
+ uint8 soundId = _trackEntries[cursubsong];
+ if (soundId == 0xff || !_soundDataPtr) {
+ return false;
+ }
+ soundId &= 0xFF;
+ int offset = READ_LE_UINT16(_driver->_soundData + 2 * soundId);
+ if (offset == 0xffff) {
+ return false;
+ }
 bool songend = true;
 // if(_trackEntries[cursubsong] == 0xff)
--
cgit v1.2.3
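Review bot: `_trackEntries[cursubsong]` is indexed at the top of CadlPlayer::update without a range check on `cursubsong`; the size of `_trackEntries` and the place where `cursubsong` is assigned are not visible here, so confirm it is clamped where the subsong is selected, or guard it before this read. The block runs on every update call although its result depends only on the current subsong, so it could be evaluated once when the subsong changes. The added `soundId &= 0xFF;` has no effect if `uint8` is 8 bits wide and can be dropped. update's body continues outside the hunk.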