From bc0488382a18317f6c2ac532579f301896928c07 Mon Sep 17 00:00:00 2001
From: Robin Eklind
Date: Mon, 9 May 2022 02:30:47 +0200
Subject: [PATCH] missiles: add BUGFIX for SetMissAnim

A buffer overflow is triggered when casting Identify (or any other spell which has mFileNum set to 255).
---
 Source/missiles.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Source/missiles.cpp b/Source/missiles.cpp
index a6a7a3f61..68e301216 100644
--- a/Source/missiles.cpp
+++ b/Source/missiles.cpp
@@ -1323,12 +1323,12 @@ void SetMissAnim(int mi, int animtype)
 int dir = missile[mi]._mimfnum;

 missile[mi]._miAnimType = animtype;
- missile[mi]._miAnimFlags = misfiledata[animtype].mFlags;
- missile[mi]._miAnimData = misfiledata[animtype].mAnimData[dir];
- missile[mi]._miAnimDelay = misfiledata[animtype].mAnimDelay[dir];
- missile[mi]._miAnimLen = misfiledata[animtype].mAnimLen[dir];
- missile[mi]._miAnimWidth = misfiledata[animtype].mAnimWidth[dir];
- missile[mi]._miAnimWidth2 = misfiledata[animtype].mAnimWidth2[dir];
+ missile[mi]._miAnimFlags = misfiledata[animtype].mFlags; // BUGFIX: buffer overflow for MFILE_NONE (255).
+ missile[mi]._miAnimData = misfiledata[animtype].mAnimData[dir]; // BUGFIX: buffer overflow for MFILE_NONE (255).
+ missile[mi]._miAnimDelay = misfiledata[animtype].mAnimDelay[dir]; // BUGFIX: buffer overflow for MFILE_NONE (255).
+ missile[mi]._miAnimLen = misfiledata[animtype].mAnimLen[dir]; // BUGFIX: buffer overflow for MFILE_NONE (255).
+ missile[mi]._miAnimWidth = misfiledata[animtype].mAnimWidth[dir]; // BUGFIX: buffer overflow for MFILE_NONE (255).
+ missile[mi]._miAnimWidth2 = misfiledata[animtype].mAnimWidth2[dir]; // BUGFIX: buffer overflow for MFILE_NONE (255).
 missile[mi]._miAnimCnt = 0;
 missile[mi]._miAnimFrame = 1;
 }
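Review bot: The six added trailing comments flag the `misfiledata[animtype]` reads in SetMissAnim as overflowing for MFILE_NONE (255), but the index is still used unchecked, so the new code performs the same out-of-range access as before. On the visible lines this is an out-of-bounds read of the table rather than a write (the stores go to `missile[mi]`), and the `_miAnimData` value taken from there is presumably dereferenced later by code outside this hunk. I would replace the six repeats with one comment above the block that states the precondition, e.g. `// BUGFIX: animtype can be MFILE_NONE (255), which is out of range for misfiledata; validate it before the reads below.` If a behaviour change is acceptable in this tree, a guard such as `if (animtype == MFILE_NONE) return;` ahead of the first read would close it, subject to checking what callers expect the animation fields to hold afterwards. The function's opening lines are outside the hunk.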