From 1ce633b894d0c56c42b0ad696378f1236bcfddb1 Mon Sep 17 00:00:00 2001 From: peter1138 Date: Sat, 19 May 2007 22:37:24 +0000 Subject: (svn r9883) -Fix (r4965): [NewGRF] Check for overflow and carry over when adding to the existing value. --- src/newgrf.cpp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/newgrf.cpp b/src/newgrf.cpp index ee8e35526..55f64f461 100644 --- a/src/newgrf.cpp +++ b/src/newgrf.cpp @@ -3094,11 +3094,18 @@ static void CfgApply(byte *buf, int len) grfmsg(8, "CfgApply: Applying %u bytes from parameter 0x%02X at offset 0x%04X", param_size, param_num, offset); + bool carry = false; for (i = 0; i < param_size; i++) { uint32 value = GetParamVal(param_num + i / 4, NULL); + /* Reset carry flag for each iteration of the variable (only really + * matters if param_size is greater than 4) */ + if (i == 0) carry = false; if (add_value) { - _preload_sprite[offset + i] += GB(value, (i % 4) * 8, 8); + uint new_value = _preload_sprite[offset + i] + GB(value, (i % 4) * 8, 8) + (carry ? 1 : 0); + _preload_sprite[offset + i] = GB(new_value, 0, 8); + /* Check if the addition overflowed */ + carry = new_value >= 256; } else { _preload_sprite[offset + i] = GB(value, (i % 4) * 8, 8); } -- cgit v1.2.3-70-g09d2