diff options
| author | pionere <pionere@freemail.hu> | 2025-03-01 13:02:16 +0100 |
|---|---|---|
| committer | pionere <pionere@freemail.hu> | 2025-03-01 13:02:16 +0100 |
| commit | ac9be1ae60b0de848209702843940d766ea3bf8e (patch) | |
| tree | 36c8401f11a194ecf18e1e8d29299c12fd5c8889 | |
| parent | 17afc22d0afb33a797d34edcc780f8efd66336bd (diff) | |
validate dwHashTableSize
- dwHashTableSize must be a power of two, otherwise HASH_INDEX_MASK does not work
| -rw-r--r-- | src/SBaseFileTable.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp index 0461be2..843f81e 100644 --- a/src/SBaseFileTable.cpp +++ b/src/SBaseFileTable.cpp @@ -2560,7 +2560,12 @@ DWORD LoadAnyHashTable(TMPQArchive * ha) // Note that we load the classic hash table even when HET table exists,
// because if the MPQ gets modified and saved, hash table must be there
if(pHeader->dwHashTableSize)
+ {
+ // hash-table size must be a power or 2
+ if ((pHeader->dwHashTableSize & (pHeader->dwHashTableSize - 1)) != 0)
+ return ERROR_FILE_CORRUPT;
ha->pHashTable = LoadHashTable(ha);
+ }
// At least one of the tables must be present
if(ha->pHetTable == NULL && ha->pHashTable == NULL)
|