(svn r13708) [0.6] -Backport from trunk:

- Fix: Possible buffer overflow in string truncation code (r13700)
- Fix: Handle SETX(Y) properly when truncating a string instead of ignoring it and returning a too long string (r13699)
- Fix: In some cases the (sound) mixer could overflow causing artefacts in the sound [FS#2120] (r13695)
- Fix: Do not rely on .tar files always ending with a block of zeros (r13693)
- Fix: Make sure a command is ran in the context of autoreplace or not (r13691)

changelog.txt

@@ -1,5 +1,10 @@
 0.6.2-RC1 (2008-??-??)
 ------------------------------------------------------------------------
+- Fix: Possible buffer overflow in string truncation code (r13700)
+- Fix: Handle SETX(Y) properly when truncating a string instead of ignoring it and returning a too long string (r13699)
+- Fix: In some cases the (sound) mixer could overflow causing artefacts in the sound [FS#2120] (r13695)
+- Fix: Do not rely on .tar files always ending with a block of zeros (r13693)
+- Fix: Make sure a command is ran in the context of autoreplace or not (r13691)
 - Fix: In the case that elrails and 'realistic' acceleration are disabled all electrified engines would have no power on load, until the vehicle got turned around, loaded or got into a depot [FS#2102]- Fix: Saving TTD imported games in recession failed due to wrong (and unneeded) type conversions in the saveload code [FS#2131] (r13679)
 - Fix: Inactive companies from old (TTD) saves could be marked active in some cases, which then loads garbage in their statistics and such [FS#2126] (r13676)
 - Fix: Memory leak when NewGRFs got forcefully disabled and they defined GOTO labels (r13675)

src/aircraft_cmd.cpp

@@ -271,7 +271,7 @@ uint16 AircraftDefaultCargoCapacity(CargoID cid, const AircraftVehicleInfo *avi)
  * @param tile tile of depot where aircraft is built
  * @param flags for command
  * @param p1 aircraft type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
  * return result of operation.  Could be cost, error
  */
 CommandCost CmdBuildAircraft(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
@@ -296,7 +296,7 @@ CommandCost CmdBuildAircraft(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 		return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
 	}
 
-	UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT);
+	UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT);
 	if (unit_num > _patches.max_aircraft)
 		return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
 

src/autoreplace_cmd.cpp

@@ -127,7 +127,7 @@ static CargoID GetNewCargoTypeForReplace(Vehicle *v, EngineID engine_type)
  * @param flags is the flags to use when calling DoCommand(). Mainly DC_EXEC counts
  * @return value is cost of the replacement or CMD_ERROR
  */
-static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost)
+static CommandCost ReplaceVehicle(Vehicle **w, uint32 flags, Money total_cost)
 {
 	CommandCost cost;
 	CommandCost sell_value;
@@ -157,7 +157,7 @@ static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost)
 	 * We take it back if building fails or when we really sell the old engine */
 	SubtractMoneyFromPlayer(sell_value);
 
-	cost = DoCommand(old_v->tile, new_engine_type, 3, flags, GetCmdBuildVeh(old_v));
+	cost = DoCommand(old_v->tile, new_engine_type, 0, flags | DC_AUTOREPLACE, GetCmdBuildVeh(old_v));
 	if (CmdFailed(cost)) {
 		/* Take back the money we just gave the player */
 		sell_value.MultiplyCost(-1);
@@ -246,7 +246,7 @@ static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost)
 			if (next_veh != NULL) {
 				/* Verify that the wagons can be placed on the engine in question.
 				 * This is done by building an engine, test if the wagons can be added and then sell the test engine. */
-				DoCommand(old_v->tile, new_engine_type, 3, DC_EXEC, GetCmdBuildVeh(old_v));
+				DoCommand(old_v->tile, new_engine_type, 0, DC_EXEC | DC_AUTOREPLACE, GetCmdBuildVeh(old_v));
 				Vehicle *temp = GetVehicle(_new_vehicle_id);
 				tmp_move = DoCommand(0, (temp->index << 16) | next_veh->index, 1, 0, CMD_MOVE_RAIL_VEHICLE);
 				DoCommand(0, temp->index, 0, DC_EXEC, GetCmdSellVeh(old_v));

src/command_type.h

@@ -264,14 +264,15 @@ enum {
  * This enums defines some flags which can be used for the commands.
  */
 enum {
-	DC_EXEC            = 0x01, ///< execute the given command
-	DC_AUTO            = 0x02, ///< don't allow building on structures
-	DC_QUERY_COST      = 0x04, ///< query cost only,  don't build.
-	DC_NO_WATER        = 0x08, ///< don't allow building on water
-	DC_NO_RAIL_OVERLAP = 0x10, ///< don't allow overlap of rails (used in buildrail)
-	DC_AI_BUILDING     = 0x20, ///< special building rules for AI
-	DC_NO_TOWN_RATING  = 0x40, ///< town rating does not disallow you from building
-	DC_BANKRUPT        = 0x80, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases
+	DC_EXEC            = 0x001, ///< execute the given command
+	DC_AUTO            = 0x002, ///< don't allow building on structures
+	DC_QUERY_COST      = 0x004, ///< query cost only,  don't build.
+	DC_NO_WATER        = 0x008, ///< don't allow building on water
+	DC_NO_RAIL_OVERLAP = 0x010, ///< don't allow overlap of rails (used in buildrail)
+	DC_AI_BUILDING     = 0x020, ///< special building rules for AI
+	DC_NO_TOWN_RATING  = 0x040, ///< town rating does not disallow you from building
+	DC_BANKRUPT        = 0x080, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases
+	DC_AUTOREPLACE     = 0x100, ///< autoreplace/autorenew is in progress
 };
 
 /**

src/fileio.cpp

@@ -483,9 +483,10 @@ static bool TarListAddFile(const char *filename)
 	char empty[512];
 	memset(&empty[0], 0, sizeof(empty));
 
-	while (!feof(f)) {
-		fread(&th, 1, 512, f);
-		pos += 512;
+	for (;;) { // Note: feof() always returns 'false' after 'fseek()'. Cool, isn't it?
+		size_t num_bytes_read = fread(&th, 1, 512, f);
+		if (num_bytes_read != 512) break;
+		pos += num_bytes_read;
 
 		/* Check if we have the new tar-format (ustar) or the old one (a lot of zeros after 'link' field) */
 		if (strncmp(th.magic, "ustar", 5) != 0 && memcmp(&th.magic, &empty[0], 512 - offsetof(TarHeader, magic)) != 0) {

src/gfx.cpp

@@ -230,15 +230,20 @@ static int TruncateString(char *str, int maxw)
 			w += GetCharacterWidth(size, c);
 
 			if (w >= maxw) {
-				/* string got too big... insert dotdotdot */
-				ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.';
-				ddd_pos[3] = '\0';
+				/* string got too big... insert dotdotdot, but make sure we do not
+				 * print anything beyond the string termination character. */
+				for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.';
+				*ddd_pos = '\0';
 				return ddd_w;
 			}
 		} else {
-			if (c == SCC_SETX) str++;
-			else if (c == SCC_SETXY) str += 2;
-			else if (c == SCC_TINYFONT) {
+			if (c == SCC_SETX) {
+				w = *str;
+				str++;
+			} else if (c == SCC_SETXY) {
+				w = *str;
+				str += 2;
+			} else if (c == SCC_TINYFONT) {
 				size = FS_SMALL;
 				ddd = GetCharacterWidth(size, '.') * 3;
 			} else if (c == SCC_BIGFONT) {

src/mixer.cpp

@@ -5,6 +5,7 @@
 #include "stdafx.h"
 #include "openttd.h"
 #include "mixer.h"
+#include "core/math_func.hpp"
 
 struct MixerChannel {
 	bool active;
@@ -19,8 +20,8 @@ struct MixerChannel {
 	uint32 samples_left;
 
 	/* Mixing volume */
-	uint volume_left;
-	uint volume_right;
+	int volume_left;
+	int volume_right;
 
 	uint flags;
 };
@@ -28,14 +29,22 @@ struct MixerChannel {
 static MixerChannel _channels[8];
 static uint32 _play_rate;
 
+/**
+ * The theoretical maximum volume for a single sound sample. Multiple sound
+ * samples should not exceed this limit as it will sound too loud. It also
+ * stops overflowing when too many sounds are played at the same time, which
+ * causes an even worse sound quality.
+ */
+static const int MAX_VOLUME = 128 * 128;
+
 
 static void mix_int8_to_int16(MixerChannel *sc, int16 *buffer, uint samples)
 {
 	int8 *b;
 	uint32 frac_pos;
 	uint32 frac_speed;
-	uint volume_left;
-	uint volume_right;
+	int volume_left;
+	int volume_right;
 
 	if (samples > sc->samples_left) samples = sc->samples_left;
 	sc->samples_left -= samples;
@@ -50,15 +59,15 @@ static void mix_int8_to_int16(MixerChannel *sc, int16 *buffer, uint samples)
 	if (frac_speed == 0x10000) {
 		/* Special case when frac_speed is 0x10000 */
 		do {
-			buffer[0] += *b * volume_left >> 8;
-			buffer[1] += *b * volume_right >> 8;
+			buffer[0] = Clamp(buffer[0] + (*b * volume_left  >> 8), -MAX_VOLUME, MAX_VOLUME);
+			buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME);
 			b++;
 			buffer += 2;
 		} while (--samples > 0);
 	} else {
 		do {
-			buffer[0] += *b * volume_left >> 8;
-			buffer[1] += *b * volume_right >> 8;
+			buffer[0] = Clamp(buffer[0] + (*b * volume_left  >> 8), -MAX_VOLUME, MAX_VOLUME);
+			buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME);
 			buffer += 2;
 			frac_pos += frac_speed;
 			b += frac_pos >> 16;

src/roadveh_cmd.cpp

@@ -163,7 +163,7 @@ void RoadVehUpdateCache(Vehicle *v)
  * @param tile tile of depot where road vehicle is built
  * @param flags operation to perform
  * @param p1 bus/truck type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
  */
 CommandCost CmdBuildRoadVeh(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 {
@@ -197,7 +197,7 @@ CommandCost CmdBuildRoadVeh(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 	v = vl[0];
 
 	/* find the first free roadveh id */
-	unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_ROAD);
+	unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_ROAD);
 	if (unit_num > _patches.max_roadveh)
 		return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
 

src/ship_cmd.cpp

@@ -802,7 +802,7 @@ void ShipsYearlyLoop()
  * @param tile tile of depot where ship is built
  * @param flags type of operation
  * @param p1 ship type being built (engine)
- * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number
+ * @param p2 unused
  */
 CommandCost CmdBuildShip(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 {
@@ -820,7 +820,7 @@ CommandCost CmdBuildShip(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 	if (!IsTileDepotType(tile, TRANSPORT_WATER)) return CMD_ERROR;
 	if (!IsTileOwner(tile, _current_player)) return CMD_ERROR;
 
-	unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_SHIP);
+	unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_SHIP);
 
 	if (!Vehicle::AllocateList(NULL, 1) || unit_num > _patches.max_ships)
 		return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);

src/spritecache.cpp

@@ -147,6 +147,8 @@ static void* ReadSprite(SpriteCache *sc, SpriteID id, bool real_sprite)
 			sc->ptr = BlitterFactoryBase::GetCurrentBlitter()->Encode(&sprite, &AllocSprite);
 			free(sprite.data);
 
+			sc->real_sprite = true;
+
 			return sc->ptr;
 		}
 		/* If the PNG couldn't be loaded, fall back to 8bpp grfs */

src/train_cmd.cpp

@@ -697,8 +697,7 @@ static void AddRearEngineToMultiheadedTrain(Vehicle* v, Vehicle* u, bool buildin
  * @param tile tile of the depot where rail-vehicle is built
  * @param flags type of operation
  * @param p1 engine type id
- * @param p2 bit 0 when set, the train will get number 0, otherwise it will get a free number
- *           bit 1 prevents any free cars from being added to the train
+ * @param p2 bit 1 prevents any free cars from being added to the train
  */
 CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32 p2)
 {
@@ -736,7 +735,7 @@ CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32
 
 		Vehicle *v = vl[0];
 
-		UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_TRAIN);
+		UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_TRAIN);
 		if (unit_num > _patches.max_trains)
 			return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME);
 
@@ -809,7 +808,7 @@ CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32
 			TrainConsistChanged(v);
 			UpdateTrainGroupID(v);
 
-			if (!HasBit(p2, 1)) { // check if the cars should be added to the new vehicle
+			if (!HasBit(p2, 1) && !(flags & DC_AUTOREPLACE)) { // check if the cars should be added to the new vehicle
 				NormalizeTrainVehInDepot(v);
 			}
 

src/win32.cpp

@@ -31,6 +31,7 @@
 #include <sys/stat.h>
 #if defined(_MSC_VER) && !defined(WINCE)
 	#include <dbghelp.h>
+	#include "strings_func.h"
 #endif
 
 static bool _has_console;
@@ -492,6 +493,8 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep)
 	if (_exception_string)
 		output += sprintf(output, "Reason: %s\r\n", _exception_string);
 
+	output += sprintf(output, "Language: %s\r\n", _dynlang.curr_file);
+
 #ifdef _M_AMD64
 	output += sprintf(output, "Exception %.8X at %.16IX\r\n"
 		"Registers:\r\n"