diff options
Diffstat (limited to 'src/newgrf.cpp')
| -rw-r--r-- | src/newgrf.cpp | 41 |
1 files changed, 32 insertions, 9 deletions
diff --git a/src/newgrf.cpp b/src/newgrf.cpp index b065216e3..27fe019bc 100644 --- a/src/newgrf.cpp +++ b/src/newgrf.cpp @@ -6874,10 +6874,13 @@ static void DefineGotoLabel(ByteReader *buf) grfmsg(2, "DefineGotoLabel: GOTO target with label 0x%02X", label->label); } -static void ImportGRFSound() +/** + * Process a sound import from another GRF file. + * @param sound Destination for sound. + */ +static void ImportGRFSound(SoundEntry *sound) { const GRFFile *file; - SoundEntry *sound = AllocateSound(); uint32 grfid = FioReadDword(); SoundID sound_id = FioReadWord(); @@ -6901,10 +6904,13 @@ static void ImportGRFSound() sound->priority = 0; } -static void LoadGRFSound(size_t offs) +/** + * Load a sound from a file. + * @param offs File offset to read sound from. + * @param sound Destination for sound. + */ +static void LoadGRFSound(size_t offs, SoundEntry *sound) { - SoundEntry *sound = AllocateSound(); - /* Set default volume and priority */ sound->volume = 0x80; sound->priority = 0; @@ -6925,15 +6931,24 @@ static void GRFSound(ByteReader *buf) * W num Number of sound files that follow */ uint16 num = buf->ReadWord(); + if (num == 0) return; + SoundEntry *sound; if (_cur.grffile->sound_offset == 0) { _cur.grffile->sound_offset = GetNumSounds(); _cur.grffile->num_sounds = num; + sound = AllocateSound(num); + } else { + sound = GetSound(_cur.grffile->sound_offset); } for (int i = 0; i < num; i++) { _cur.nfo_line++; + /* Check whether the index is in range. This might happen if multiple action 11 are present. + * While this is invalid, we do not check for this. But we should prevent it from causing bigger trouble */ + bool invalid = i >= _cur.grffile->num_sounds; + size_t offs = FioGetPos(); uint32 len = _cur.grf_container_ver >= 2 ? FioReadDword() : FioReadWord(); @@ -6941,12 +6956,15 @@ static void GRFSound(ByteReader *buf) if (_cur.grf_container_ver >= 2 && type == 0xFD) { /* Reference to sprite section. */ - if (len != 4) { + if (invalid) { + grfmsg(1, "GRFSound: Sound index out of range (multiple Action 11?)"); + FioSkipBytes(len); + } else if (len != 4) { grfmsg(1, "GRFSound: Invalid sprite section import"); FioSkipBytes(len); } else { uint32 id = FioReadDword(); - if (_cur.stage == GLS_INIT) LoadGRFSound(GetGRFSpriteOffset(id)); + if (_cur.stage == GLS_INIT) LoadGRFSound(GetGRFSpriteOffset(id), sound + i); } continue; } @@ -6958,6 +6976,11 @@ static void GRFSound(ByteReader *buf) continue; } + if (invalid) { + grfmsg(1, "GRFSound: Sound index out of range (multiple Action 11?)"); + FioSkipBytes(len); + } + byte action = FioReadByte(); switch (action) { case 0xFF: @@ -6966,7 +6989,7 @@ static void GRFSound(ByteReader *buf) if (_cur.grf_container_ver >= 2) { grfmsg(1, "GRFSound: Inline sounds are not supported for container version >= 2"); } else { - LoadGRFSound(offs); + LoadGRFSound(offs, sound + i); } } FioSkipBytes(len - 1); // already read <action> @@ -6977,7 +7000,7 @@ static void GRFSound(ByteReader *buf) /* XXX 'Action 0xFE' isn't really specified. It is only mentioned for * importing sounds, so this is probably all wrong... */ if (FioReadByte() != 0) grfmsg(1, "GRFSound: Import type mismatch"); - ImportGRFSound(); + ImportGRFSound(sound + i); } else { FioSkipBytes(len - 1); // already read <action> } |