--- a/changelog.txt Wed Jul 09 19:39:57 2008 +0000
+++ b/changelog.txt Wed Jul 16 10:07:38 2008 +0000
@@ -1,5 +1,10 @@
0.6.2-RC1 (2008-??-??)
------------------------------------------------------------------------
+- Fix: Possible buffer overflow in string truncation code (r13700)
+- Fix: Handle SETX(Y) properly when truncating a string instead of ignoring it and returning a too long string (r13699)
+- Fix: In some cases the (sound) mixer could overflow causing artefacts in the sound [FS#2120] (r13695)
+- Fix: Do not rely on .tar files always ending with a block of zeros (r13693)
+- Fix: Make sure a command is ran in the context of autoreplace or not (r13691)
- Fix: In the case that elrails and 'realistic' acceleration are disabled all electrified engines would have no power on load, until the vehicle got turned around, loaded or got into a depot [FS#2102]- Fix: Saving TTD imported games in recession failed due to wrong (and unneeded) type conversions in the saveload code [FS#2131] (r13679)
- Fix: Inactive companies from old (TTD) saves could be marked active in some cases, which then loads garbage in their statistics and such [FS#2126] (r13676)
- Fix: Memory leak when NewGRFs got forcefully disabled and they defined GOTO labels (r13675)
--- a/src/aircraft_cmd.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/aircraft_cmd.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -271,7 +271,7 @@
* @param tile tile of depot where aircraft is built
* @param flags for command
* @param p1 aircraft type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
* return result of operation. Could be cost, error
*/
CommandCost CmdBuildAircraft(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
@@ -296,7 +296,7 @@
return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
}
- UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT);
+ UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT);
if (unit_num > _patches.max_aircraft)
return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
--- a/src/autoreplace_cmd.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/autoreplace_cmd.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -127,7 +127,7 @@
* @param flags is the flags to use when calling DoCommand(). Mainly DC_EXEC counts
* @return value is cost of the replacement or CMD_ERROR
*/
-static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost)
+static CommandCost ReplaceVehicle(Vehicle **w, uint32 flags, Money total_cost)
{
CommandCost cost;
CommandCost sell_value;
@@ -157,7 +157,7 @@
* We take it back if building fails or when we really sell the old engine */
SubtractMoneyFromPlayer(sell_value);
- cost = DoCommand(old_v->tile, new_engine_type, 3, flags, GetCmdBuildVeh(old_v));
+ cost = DoCommand(old_v->tile, new_engine_type, 0, flags | DC_AUTOREPLACE, GetCmdBuildVeh(old_v));
if (CmdFailed(cost)) {
/* Take back the money we just gave the player */
sell_value.MultiplyCost(-1);
@@ -246,7 +246,7 @@
if (next_veh != NULL) {
/* Verify that the wagons can be placed on the engine in question.
* This is done by building an engine, test if the wagons can be added and then sell the test engine. */
- DoCommand(old_v->tile, new_engine_type, 3, DC_EXEC, GetCmdBuildVeh(old_v));
+ DoCommand(old_v->tile, new_engine_type, 0, DC_EXEC | DC_AUTOREPLACE, GetCmdBuildVeh(old_v));
Vehicle *temp = GetVehicle(_new_vehicle_id);
tmp_move = DoCommand(0, (temp->index << 16) | next_veh->index, 1, 0, CMD_MOVE_RAIL_VEHICLE);
DoCommand(0, temp->index, 0, DC_EXEC, GetCmdSellVeh(old_v));
--- a/src/command_type.h Wed Jul 09 19:39:57 2008 +0000
+++ b/src/command_type.h Wed Jul 16 10:07:38 2008 +0000
@@ -264,14 +264,15 @@
* This enums defines some flags which can be used for the commands.
*/
enum {
- DC_EXEC = 0x01, ///< execute the given command
- DC_AUTO = 0x02, ///< don't allow building on structures
- DC_QUERY_COST = 0x04, ///< query cost only, don't build.
- DC_NO_WATER = 0x08, ///< don't allow building on water
- DC_NO_RAIL_OVERLAP = 0x10, ///< don't allow overlap of rails (used in buildrail)
- DC_AI_BUILDING = 0x20, ///< special building rules for AI
- DC_NO_TOWN_RATING = 0x40, ///< town rating does not disallow you from building
- DC_BANKRUPT = 0x80, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases
+ DC_EXEC = 0x001, ///< execute the given command
+ DC_AUTO = 0x002, ///< don't allow building on structures
+ DC_QUERY_COST = 0x004, ///< query cost only, don't build.
+ DC_NO_WATER = 0x008, ///< don't allow building on water
+ DC_NO_RAIL_OVERLAP = 0x010, ///< don't allow overlap of rails (used in buildrail)
+ DC_AI_BUILDING = 0x020, ///< special building rules for AI
+ DC_NO_TOWN_RATING = 0x040, ///< town rating does not disallow you from building
+ DC_BANKRUPT = 0x080, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases
+ DC_AUTOREPLACE = 0x100, ///< autoreplace/autorenew is in progress
};
/**
--- a/src/fileio.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/fileio.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -483,9 +483,10 @@
char empty[512];
memset(&empty[0], 0, sizeof(empty));
- while (!feof(f)) {
- fread(&th, 1, 512, f);
- pos += 512;
+ for (;;) { // Note: feof() always returns 'false' after 'fseek()'. Cool, isn't it?
+ size_t num_bytes_read = fread(&th, 1, 512, f);
+ if (num_bytes_read != 512) break;
+ pos += num_bytes_read;
/* Check if we have the new tar-format (ustar) or the old one (a lot of zeros after 'link' field) */
if (strncmp(th.magic, "ustar", 5) != 0 && memcmp(&th.magic, &empty[0], 512 - offsetof(TarHeader, magic)) != 0) {
--- a/src/gfx.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/gfx.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -230,15 +230,20 @@
w += GetCharacterWidth(size, c);
if (w >= maxw) {
- /* string got too big... insert dotdotdot */
- ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.';
- ddd_pos[3] = '\0';
+ /* string got too big... insert dotdotdot, but make sure we do not
+ * print anything beyond the string termination character. */
+ for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.';
+ *ddd_pos = '\0';
return ddd_w;
}
} else {
- if (c == SCC_SETX) str++;
- else if (c == SCC_SETXY) str += 2;
- else if (c == SCC_TINYFONT) {
+ if (c == SCC_SETX) {
+ w = *str;
+ str++;
+ } else if (c == SCC_SETXY) {
+ w = *str;
+ str += 2;
+ } else if (c == SCC_TINYFONT) {
size = FS_SMALL;
ddd = GetCharacterWidth(size, '.') * 3;
} else if (c == SCC_BIGFONT) {
--- a/src/mixer.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/mixer.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -5,6 +5,7 @@
#include "stdafx.h"
#include "openttd.h"
#include "mixer.h"
+#include "core/math_func.hpp"
struct MixerChannel {
bool active;
@@ -19,8 +20,8 @@
uint32 samples_left;
/* Mixing volume */
- uint volume_left;
- uint volume_right;
+ int volume_left;
+ int volume_right;
uint flags;
};
@@ -28,14 +29,22 @@
static MixerChannel _channels[8];
static uint32 _play_rate;
+/**
+ * The theoretical maximum volume for a single sound sample. Multiple sound
+ * samples should not exceed this limit as it will sound too loud. It also
+ * stops overflowing when too many sounds are played at the same time, which
+ * causes an even worse sound quality.
+ */
+static const int MAX_VOLUME = 128 * 128;
+
static void mix_int8_to_int16(MixerChannel *sc, int16 *buffer, uint samples)
{
int8 *b;
uint32 frac_pos;
uint32 frac_speed;
- uint volume_left;
- uint volume_right;
+ int volume_left;
+ int volume_right;
if (samples > sc->samples_left) samples = sc->samples_left;
sc->samples_left -= samples;
@@ -50,15 +59,15 @@
if (frac_speed == 0x10000) {
/* Special case when frac_speed is 0x10000 */
do {
- buffer[0] += *b * volume_left >> 8;
- buffer[1] += *b * volume_right >> 8;
+ buffer[0] = Clamp(buffer[0] + (*b * volume_left >> 8), -MAX_VOLUME, MAX_VOLUME);
+ buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME);
b++;
buffer += 2;
} while (--samples > 0);
} else {
do {
- buffer[0] += *b * volume_left >> 8;
- buffer[1] += *b * volume_right >> 8;
+ buffer[0] = Clamp(buffer[0] + (*b * volume_left >> 8), -MAX_VOLUME, MAX_VOLUME);
+ buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME);
buffer += 2;
frac_pos += frac_speed;
b += frac_pos >> 16;
--- a/src/roadveh_cmd.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/roadveh_cmd.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -163,7 +163,7 @@
* @param tile tile of depot where road vehicle is built
* @param flags operation to perform
* @param p1 bus/truck type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
*/
CommandCost CmdBuildRoadVeh(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
{
@@ -197,7 +197,7 @@
v = vl[0];
/* find the first free roadveh id */
- unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_ROAD);
+ unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_ROAD);
if (unit_num > _patches.max_roadveh)
return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
--- a/src/ship_cmd.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/ship_cmd.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -802,7 +802,7 @@
* @param tile tile of depot where ship is built
* @param flags type of operation
* @param p1 ship type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
*/
CommandCost CmdBuildShip(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
{
@@ -820,7 +820,7 @@
if (!IsTileDepotType(tile, TRANSPORT_WATER)) return CMD_ERROR;
if (!IsTileOwner(tile, _current_player)) return CMD_ERROR;
- unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_SHIP);
+ unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_SHIP);
if (!Vehicle::AllocateList(NULL, 1) || unit_num > _patches.max_ships)
return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
--- a/src/spritecache.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/spritecache.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -147,6 +147,8 @@
sc->ptr = BlitterFactoryBase::GetCurrentBlitter()->Encode(&sprite, &AllocSprite);
free(sprite.data);
+ sc->real_sprite = true;
+
return sc->ptr;
}
/* If the PNG couldn't be loaded, fall back to 8bpp grfs */
--- a/src/train_cmd.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/train_cmd.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -697,8 +697,7 @@
* @param tile tile of the depot where rail-vehicle is built
* @param flags type of operation
* @param p1 engine type id
- * @param p2 bit 0 when set, the train will get number 0, otherwise it will get a free number
- * bit 1 prevents any free cars from being added to the train
+ * @param p2 bit 1 prevents any free cars from being added to the train
*/
CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
{
@@ -736,7 +735,7 @@
Vehicle *v = vl[0];
- UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_TRAIN);
+ UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_TRAIN);
if (unit_num > _patches.max_trains)
return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
@@ -809,7 +808,7 @@
TrainConsistChanged(v);
UpdateTrainGroupID(v);
- if (!HasBit(p2, 1)) { // check if the cars should be added to the new vehicle
+ if (!HasBit(p2, 1) && !(flags & DC_AUTOREPLACE)) { // check if the cars should be added to the new vehicle
NormalizeTrainVehInDepot(v);
}
--- a/src/win32.cpp Wed Jul 09 19:39:57 2008 +0000
+++ b/src/win32.cpp Wed Jul 16 10:07:38 2008 +0000
@@ -31,6 +31,7 @@
#include <sys/stat.h>
#if defined(_MSC_VER) && !defined(WINCE)
#include <dbghelp.h>
+ #include "strings_func.h"
#endif
static bool _has_console;
@@ -492,6 +493,8 @@
if (_exception_string)
output += sprintf(output, "Reason: %s\r\n", _exception_string);
+ output += sprintf(output, "Language: %s\r\n", _dynlang.curr_file);
+
#ifdef _M_AMD64
output += sprintf(output, "Exception %.8X at %.16IX\r\n"
"Registers:\r\n"