diff options
| author | Ladislav Zezula <zezula@volny.cz> | 2024-04-21 20:30:56 +0200 |
|---|---|---|
| committer | Ladislav Zezula <zezula@volny.cz> | 2024-04-21 20:30:56 +0200 |
| commit | 5232da3f6ac96177db4d2d806c37c82fc664af8b (patch) | |
| tree | 065d04fb8d415efe4dde631a7ac6579de1bce046 | |
| parent | c4e3490d729ba42e92803b7f2ef90ed86b0b0eca (diff) | |
Fixed buffer overflow in https://github.com/ladislav-zezula/StormLib/issues/338
| -rw-r--r-- | src/SBaseFileTable.cpp | 4 | ||||
| -rwxr-xr-x | test/StormTest.cpp | 4 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp index fc9418a..1ed8140 100644 --- a/src/SBaseFileTable.cpp +++ b/src/SBaseFileTable.cpp @@ -574,6 +574,10 @@ DWORD ConvertMpqHeaderToFormat4( // Fill the rest of the header with zeros
memset((LPBYTE)pHeader + MPQ_HEADER_SIZE_V2, 0, sizeof(TMPQHeader) - MPQ_HEADER_SIZE_V2);
+ // Check position of the Hi-block table
+ if(pHeader->HiBlockTablePos64 > FileSize)
+ return ERROR_FILE_CORRUPT;
+
// Calculate the expected hash table size
pHeader->HashTableSize64 = (pHeader->dwHashTableSize * sizeof(TMPQHash));
HashTablePos64 = MAKE_OFFSET64(pHeader->wHashTablePosHi, pHeader->dwHashTablePos);
diff --git a/test/StormTest.cpp b/test/StormTest.cpp index 721ee19..3c8051e 100755 --- a/test/StormTest.cpp +++ b/test/StormTest.cpp @@ -3789,9 +3789,8 @@ static void Test_PlayingSpace() {
HANDLE hMpq = NULL;
- if(SFileOpenArchive(_T("e:\\poc21"), 0, 0, &hMpq))
+ if(SFileOpenArchive(_T("e:\\poc24"), 0, 0, &hMpq))
{
- SFileCompactArchive(hMpq, _T("e:\\Ladik\\Incoming\\poc18"), true);
SFileCloseArchive(hMpq);
}
}
@@ -4010,6 +4009,7 @@ static const TEST_INFO1 Test_OpenMpqs[] = {_T("pocs/MPQ_2024_09_InvalidSectorSize.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2024_10_HuffDecompressError.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2024_10_SparseDecompressError.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
+ {_T("pocs/MPQ_2024_11_HiBlockTablePosInvalid.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
// Correct or damaged archives
{_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"), NULL, "554b538541e42170ed41cb236483489e", 2910, &TwoFilesD1}, // Base MPQ from Diablo 1
|