diff --git a/changelog.txt b/changelog.txt index 17391a3067..344ecf28ed 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,5 +1,10 @@ 0.6.2-RC1 (2008-??-??) ------------------------------------------------------------------------ +- Fix: Possible buffer overflow in string truncation code (r13700) +- Fix: Handle SETX(Y) properly when truncating a string instead of ignoring it and returning a too long string (r13699) +- Fix: In some cases the (sound) mixer could overflow causing artefacts in the sound [FS#2120] (r13695) +- Fix: Do not rely on .tar files always ending with a block of zeros (r13693) +- Fix: Make sure a command is ran in the context of autoreplace or not (r13691) - Fix: In the case that elrails and 'realistic' acceleration are disabled all electrified engines would have no power on load, until the vehicle got turned around, loaded or got into a depot [FS#2102]- Fix: Saving TTD imported games in recession failed due to wrong (and unneeded) type conversions in the saveload code [FS#2131] (r13679) - Fix: Inactive companies from old (TTD) saves could be marked active in some cases, which then loads garbage in their statistics and such [FS#2126] (r13676) - Fix: Memory leak when NewGRFs got forcefully disabled and they defined GOTO labels (r13675) diff --git a/src/aircraft_cmd.cpp b/src/aircraft_cmd.cpp index 0920b109bd..36ef9f4011 100644 --- a/src/aircraft_cmd.cpp +++ b/src/aircraft_cmd.cpp @@ -271,7 +271,7 @@ uint16 AircraftDefaultCargoCapacity(CargoID cid, const AircraftVehicleInfo *avi) * @param tile tile of depot where aircraft is built * @param flags for command * @param p1 aircraft type being built (engine) - * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number + * @param p2 unused * return result of operation. Could be cost, error */ CommandCost CmdBuildAircraft(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) @@ -296,7 +296,7 @@ CommandCost CmdBuildAircraft(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME); } - UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT); + UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_AIRCRAFT); if (unit_num > _patches.max_aircraft) return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME); diff --git a/src/autoreplace_cmd.cpp b/src/autoreplace_cmd.cpp index 2eafe98124..1ffd3384c9 100644 --- a/src/autoreplace_cmd.cpp +++ b/src/autoreplace_cmd.cpp @@ -127,7 +127,7 @@ static CargoID GetNewCargoTypeForReplace(Vehicle *v, EngineID engine_type) * @param flags is the flags to use when calling DoCommand(). Mainly DC_EXEC counts * @return value is cost of the replacement or CMD_ERROR */ -static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost) +static CommandCost ReplaceVehicle(Vehicle **w, uint32 flags, Money total_cost) { CommandCost cost; CommandCost sell_value; @@ -157,7 +157,7 @@ static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost) * We take it back if building fails or when we really sell the old engine */ SubtractMoneyFromPlayer(sell_value); - cost = DoCommand(old_v->tile, new_engine_type, 3, flags, GetCmdBuildVeh(old_v)); + cost = DoCommand(old_v->tile, new_engine_type, 0, flags | DC_AUTOREPLACE, GetCmdBuildVeh(old_v)); if (CmdFailed(cost)) { /* Take back the money we just gave the player */ sell_value.MultiplyCost(-1); @@ -246,7 +246,7 @@ static CommandCost ReplaceVehicle(Vehicle **w, byte flags, Money total_cost) if (next_veh != NULL) { /* Verify that the wagons can be placed on the engine in question. * This is done by building an engine, test if the wagons can be added and then sell the test engine. */ - DoCommand(old_v->tile, new_engine_type, 3, DC_EXEC, GetCmdBuildVeh(old_v)); + DoCommand(old_v->tile, new_engine_type, 0, DC_EXEC | DC_AUTOREPLACE, GetCmdBuildVeh(old_v)); Vehicle *temp = GetVehicle(_new_vehicle_id); tmp_move = DoCommand(0, (temp->index << 16) | next_veh->index, 1, 0, CMD_MOVE_RAIL_VEHICLE); DoCommand(0, temp->index, 0, DC_EXEC, GetCmdSellVeh(old_v)); diff --git a/src/command_type.h b/src/command_type.h index 281933e432..27f8969e53 100644 --- a/src/command_type.h +++ b/src/command_type.h @@ -264,14 +264,15 @@ enum { * This enums defines some flags which can be used for the commands. */ enum { - DC_EXEC = 0x01, ///< execute the given command - DC_AUTO = 0x02, ///< don't allow building on structures - DC_QUERY_COST = 0x04, ///< query cost only, don't build. - DC_NO_WATER = 0x08, ///< don't allow building on water - DC_NO_RAIL_OVERLAP = 0x10, ///< don't allow overlap of rails (used in buildrail) - DC_AI_BUILDING = 0x20, ///< special building rules for AI - DC_NO_TOWN_RATING = 0x40, ///< town rating does not disallow you from building - DC_BANKRUPT = 0x80, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases + DC_EXEC = 0x001, ///< execute the given command + DC_AUTO = 0x002, ///< don't allow building on structures + DC_QUERY_COST = 0x004, ///< query cost only, don't build. + DC_NO_WATER = 0x008, ///< don't allow building on water + DC_NO_RAIL_OVERLAP = 0x010, ///< don't allow overlap of rails (used in buildrail) + DC_AI_BUILDING = 0x020, ///< special building rules for AI + DC_NO_TOWN_RATING = 0x040, ///< town rating does not disallow you from building + DC_BANKRUPT = 0x080, ///< company bankrupts, skip money check, skip vehicle on tile check in some cases + DC_AUTOREPLACE = 0x100, ///< autoreplace/autorenew is in progress }; /** diff --git a/src/fileio.cpp b/src/fileio.cpp index c6eb90ca97..66a0bcc170 100644 --- a/src/fileio.cpp +++ b/src/fileio.cpp @@ -483,9 +483,10 @@ static bool TarListAddFile(const char *filename) char empty[512]; memset(&empty[0], 0, sizeof(empty)); - while (!feof(f)) { - fread(&th, 1, 512, f); - pos += 512; + for (;;) { // Note: feof() always returns 'false' after 'fseek()'. Cool, isn't it? + size_t num_bytes_read = fread(&th, 1, 512, f); + if (num_bytes_read != 512) break; + pos += num_bytes_read; /* Check if we have the new tar-format (ustar) or the old one (a lot of zeros after 'link' field) */ if (strncmp(th.magic, "ustar", 5) != 0 && memcmp(&th.magic, &empty[0], 512 - offsetof(TarHeader, magic)) != 0) { diff --git a/src/gfx.cpp b/src/gfx.cpp index 40c2b170f5..f70f6f8d79 100644 --- a/src/gfx.cpp +++ b/src/gfx.cpp @@ -230,15 +230,20 @@ static int TruncateString(char *str, int maxw) w += GetCharacterWidth(size, c); if (w >= maxw) { - /* string got too big... insert dotdotdot */ - ddd_pos[0] = ddd_pos[1] = ddd_pos[2] = '.'; - ddd_pos[3] = '\0'; + /* string got too big... insert dotdotdot, but make sure we do not + * print anything beyond the string termination character. */ + for (int i = 0; *ddd_pos != '\0' && i < 3; i++, ddd_pos++) *ddd_pos = '.'; + *ddd_pos = '\0'; return ddd_w; } } else { - if (c == SCC_SETX) str++; - else if (c == SCC_SETXY) str += 2; - else if (c == SCC_TINYFONT) { + if (c == SCC_SETX) { + w = *str; + str++; + } else if (c == SCC_SETXY) { + w = *str; + str += 2; + } else if (c == SCC_TINYFONT) { size = FS_SMALL; ddd = GetCharacterWidth(size, '.') * 3; } else if (c == SCC_BIGFONT) { diff --git a/src/mixer.cpp b/src/mixer.cpp index e76af957e2..7ed1e87d20 100644 --- a/src/mixer.cpp +++ b/src/mixer.cpp @@ -5,6 +5,7 @@ #include "stdafx.h" #include "openttd.h" #include "mixer.h" +#include "core/math_func.hpp" struct MixerChannel { bool active; @@ -19,8 +20,8 @@ struct MixerChannel { uint32 samples_left; /* Mixing volume */ - uint volume_left; - uint volume_right; + int volume_left; + int volume_right; uint flags; }; @@ -28,14 +29,22 @@ struct MixerChannel { static MixerChannel _channels[8]; static uint32 _play_rate; +/** + * The theoretical maximum volume for a single sound sample. Multiple sound + * samples should not exceed this limit as it will sound too loud. It also + * stops overflowing when too many sounds are played at the same time, which + * causes an even worse sound quality. + */ +static const int MAX_VOLUME = 128 * 128; + static void mix_int8_to_int16(MixerChannel *sc, int16 *buffer, uint samples) { int8 *b; uint32 frac_pos; uint32 frac_speed; - uint volume_left; - uint volume_right; + int volume_left; + int volume_right; if (samples > sc->samples_left) samples = sc->samples_left; sc->samples_left -= samples; @@ -50,15 +59,15 @@ static void mix_int8_to_int16(MixerChannel *sc, int16 *buffer, uint samples) if (frac_speed == 0x10000) { /* Special case when frac_speed is 0x10000 */ do { - buffer[0] += *b * volume_left >> 8; - buffer[1] += *b * volume_right >> 8; + buffer[0] = Clamp(buffer[0] + (*b * volume_left >> 8), -MAX_VOLUME, MAX_VOLUME); + buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME); b++; buffer += 2; } while (--samples > 0); } else { do { - buffer[0] += *b * volume_left >> 8; - buffer[1] += *b * volume_right >> 8; + buffer[0] = Clamp(buffer[0] + (*b * volume_left >> 8), -MAX_VOLUME, MAX_VOLUME); + buffer[1] = Clamp(buffer[1] + (*b * volume_right >> 8), -MAX_VOLUME, MAX_VOLUME); buffer += 2; frac_pos += frac_speed; b += frac_pos >> 16; diff --git a/src/roadveh_cmd.cpp b/src/roadveh_cmd.cpp index 6071147c25..dd14308cd4 100644 --- a/src/roadveh_cmd.cpp +++ b/src/roadveh_cmd.cpp @@ -163,7 +163,7 @@ void RoadVehUpdateCache(Vehicle *v) * @param tile tile of depot where road vehicle is built * @param flags operation to perform * @param p1 bus/truck type being built (engine) - * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number + * @param p2 unused */ CommandCost CmdBuildRoadVeh(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) { @@ -197,7 +197,7 @@ CommandCost CmdBuildRoadVeh(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) v = vl[0]; /* find the first free roadveh id */ - unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_ROAD); + unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_ROAD); if (unit_num > _patches.max_roadveh) return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME); diff --git a/src/ship_cmd.cpp b/src/ship_cmd.cpp index acae06119a..2cafb4d8dd 100644 --- a/src/ship_cmd.cpp +++ b/src/ship_cmd.cpp @@ -802,7 +802,7 @@ void ShipsYearlyLoop() * @param tile tile of depot where ship is built * @param flags type of operation * @param p1 ship type being built (engine) - * @param p2 bit 0 when set, the unitnumber will be 0, otherwise it will be a free number + * @param p2 unused */ CommandCost CmdBuildShip(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) { @@ -820,7 +820,7 @@ CommandCost CmdBuildShip(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) if (!IsTileDepotType(tile, TRANSPORT_WATER)) return CMD_ERROR; if (!IsTileOwner(tile, _current_player)) return CMD_ERROR; - unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_SHIP); + unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_SHIP); if (!Vehicle::AllocateList(NULL, 1) || unit_num > _patches.max_ships) return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME); diff --git a/src/spritecache.cpp b/src/spritecache.cpp index 1c4bed6319..9fb77d0448 100644 --- a/src/spritecache.cpp +++ b/src/spritecache.cpp @@ -147,6 +147,8 @@ static void* ReadSprite(SpriteCache *sc, SpriteID id, bool real_sprite) sc->ptr = BlitterFactoryBase::GetCurrentBlitter()->Encode(&sprite, &AllocSprite); free(sprite.data); + sc->real_sprite = true; + return sc->ptr; } /* If the PNG couldn't be loaded, fall back to 8bpp grfs */ diff --git a/src/train_cmd.cpp b/src/train_cmd.cpp index 7c834ea9c8..0f5c7bf6ba 100644 --- a/src/train_cmd.cpp +++ b/src/train_cmd.cpp @@ -697,8 +697,7 @@ static void AddRearEngineToMultiheadedTrain(Vehicle* v, Vehicle* u, bool buildin * @param tile tile of the depot where rail-vehicle is built * @param flags type of operation * @param p1 engine type id - * @param p2 bit 0 when set, the train will get number 0, otherwise it will get a free number - * bit 1 prevents any free cars from being added to the train + * @param p2 bit 1 prevents any free cars from being added to the train */ CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32 p2) { @@ -736,7 +735,7 @@ CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32 Vehicle *v = vl[0]; - UnitID unit_num = HasBit(p2, 0) ? 0 : GetFreeUnitNumber(VEH_TRAIN); + UnitID unit_num = (flags & DC_AUTOREPLACE) ? 0 : GetFreeUnitNumber(VEH_TRAIN); if (unit_num > _patches.max_trains) return_cmd_error(STR_00E1_TOO_MANY_VEHICLES_IN_GAME); @@ -809,7 +808,7 @@ CommandCost CmdBuildRailVehicle(TileIndex tile, uint32 flags, uint32 p1, uint32 TrainConsistChanged(v); UpdateTrainGroupID(v); - if (!HasBit(p2, 1)) { // check if the cars should be added to the new vehicle + if (!HasBit(p2, 1) && !(flags & DC_AUTOREPLACE)) { // check if the cars should be added to the new vehicle NormalizeTrainVehInDepot(v); } diff --git a/src/win32.cpp b/src/win32.cpp index 4fb2b67a49..e54a21d486 100644 --- a/src/win32.cpp +++ b/src/win32.cpp @@ -31,6 +31,7 @@ #include #if defined(_MSC_VER) && !defined(WINCE) #include + #include "strings_func.h" #endif static bool _has_console; @@ -492,6 +493,8 @@ static LONG WINAPI ExceptionHandler(EXCEPTION_POINTERS *ep) if (_exception_string) output += sprintf(output, "Reason: %s\r\n", _exception_string); + output += sprintf(output, "Language: %s\r\n", _dynlang.curr_file); + #ifdef _M_AMD64 output += sprintf(output, "Exception %.8X at %.16IX\r\n" "Registers:\r\n"