| author | Ladislav Zezula <zezula@volny.cz> | 2024-04-21 16:41:40 +0200 | 
|---|---|---|
| committer | Ladislav Zezula <zezula@volny.cz> | 2024-04-21 16:41:40 +0200 | 
| commit | c0d7708350d0e38ee71802f14dd34a1dd9732b31 (patch) | |
| tree | 8aa876f4b449bd7b35599cc4365f2db0748a526c | |
| parent | 19a8f83554dd0d0f184f6336814f533fc0a85fa2 (diff) | |
Fixed too-big-alloc in https://github.com/ladislav-zezula/StormLib/issues/329
| -rw-r--r-- | src/SBaseFileTable.cpp | 10 | ||||
| -rwxr-xr-x | test/StormTest.cpp | 8 | 
2 files changed, 16 insertions, 2 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
 index 274129d..84cfe45 100644
 --- a/src/SBaseFileTable.cpp
 +++ b/src/SBaseFileTable.cpp
 @@ -635,6 +635,8 @@ DWORD ConvertMpqHeaderToFormat4(
              // Size of the hi-block table
              if(pHeader->HiBlockTablePos64)
              {
 +                if(pHeader->HiBlockTablePos64 > FileSize)
 +                    return ERROR_FILE_CORRUPT;
                  pHeader->HiBlockTableSize64 = MaxOffset - pHeader->HiBlockTablePos64;
                  MaxOffset = pHeader->HiBlockTablePos64;
              }
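Review bot: The new bounds checks compare each table position with `FileSize`, but the size on the following line is computed as `MaxOffset - <position>`, and from the second table on `MaxOffset` has already been lowered to the previous table's position (`MaxOffset = pHeader->HiBlockTablePos64;` and its siblings). A header whose position fields all lie within the file but are not in the order this code assumes would pass the check, and if these are unsigned 64-bit values as the names suggest, the subtraction would wrap to a very large table size, which is the same class of result this commit is fixing. Comparing against the running bound closes that gap, e.g. `if(BlockTablePos64 > MaxOffset) return ERROR_FILE_CORRUPT;`, and the same applies to the hash, BET and HET table hunks below. The initial value of `MaxOffset` and the variable declarations are outside the hunks, so confirm that it starts at the file size and that positions and `FileSize` share the same base offset before swapping the comparison.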
 @@ -642,6 +644,8 @@ DWORD ConvertMpqHeaderToFormat4(
              // Size of the block table
              if(BlockTablePos64)
              {
 +                if(BlockTablePos64 > FileSize)
 +                    return ERROR_FILE_CORRUPT;
                  pHeader->BlockTableSize64 = MaxOffset - BlockTablePos64;
                  MaxOffset = BlockTablePos64;
              }
 @@ -649,6 +653,8 @@ DWORD ConvertMpqHeaderToFormat4(
              // Size of the hash table
              if(HashTablePos64)
              {
 +                if(HashTablePos64 > FileSize)
 +                    return ERROR_FILE_CORRUPT;
                  pHeader->HashTableSize64 = MaxOffset - HashTablePos64;
                  MaxOffset = HashTablePos64;
              }
 @@ -656,6 +662,8 @@ DWORD ConvertMpqHeaderToFormat4(
              // Size of the BET table
              if(pHeader->BetTablePos64)
              {
 +                if(pHeader->BetTablePos64 > FileSize)
 +                    return ERROR_FILE_CORRUPT;
                  pHeader->BetTableSize64 = MaxOffset - pHeader->BetTablePos64;
                  MaxOffset = pHeader->BetTablePos64;
              }
 @@ -663,6 +671,8 @@ DWORD ConvertMpqHeaderToFormat4(
              // Size of the HET table
              if(pHeader->HetTablePos64)
              {
 +                if(pHeader->HetTablePos64 > FileSize)
 +                    return ERROR_FILE_CORRUPT;
                  pHeader->HetTableSize64 = MaxOffset - pHeader->HetTablePos64;
  //              MaxOffset = pHeader->HetTablePos64;
              }
 diff --git a/test/StormTest.cpp b/test/StormTest.cpp
 index 718c910..00c5e13 100755
 --- a/test/StormTest.cpp
 +++ b/test/StormTest.cpp
 @@ -4002,6 +4002,11 @@ static const TEST_INFO1 TestList_MasterMirror[] =
  static const TEST_INFO1 Test_OpenMpqs[] =
  {
 +    // PoC's by Gabe Sherman from FuturesLab
 +    {_T("pocs/MPQ_2024_01_HeapOverrun.mpq"),                    NULL, "7008f95dcbc4e5d840830c176dec6969",    14},
 +    {_T("pocs/MPQ_2024_02_StackOverflow.mpq"),                  NULL, "7093fcbcc9674b3e152e74e8e8a937bb",     4},
 +    {_T("pocs/MPQ_2024_03_TooBigAlloc.mpq"),                    NULL, "--------------------------------",  TFLG_WILL_FAIL},
 +
      // Correct or damaged archives
      {_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"),                     NULL, "554b538541e42170ed41cb236483489e",  2910, &TwoFilesD1},  // Base MPQ from Diablo 1
      {_T("MPQ_1997_v1_patch_rt_SC1B.mpq"),                       NULL, "43fe7d362955be68a708486e399576a7",    10},               // From Starcraft 1 BETA
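Review bot: The `MPQ_2024_03_TooBigAlloc.mpq` entry only records that opening is expected to fail (`TFLG_WILL_FAIL` with a dummy hash), so as far as this hunk shows, the regression test would also pass if the archive failed for an unrelated reason, such as the file being absent from the test data. If the harness can check the returned error, pinning it to `ERROR_FILE_CORRUPT` would tie the test to the new validation; how `TFLG_WILL_FAIL` is evaluated is outside the hunk. A short comment per entry linking it to its report would also help later triage, for example `// issue #329: table position beyond end of file` above the third entry.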
 @@ -4182,12 +4187,11 @@ static const LPCSTR Test_CreateMpq_Localized[] =
  //-----------------------------------------------------------------------------
  // Main
 -#define TEST_COMMAND_LINE
 +//#define TEST_COMMAND_LINE
  //#define TEST_LOCAL_LISTFILE
  //#define TEST_STREAM_OPERATIONS
  //#define TEST_MASTER_MIRROR
  #define TEST_OPEN_MPQ
 -#define TEST_OPEN_MPQ
  #define TEST_REOPEN_MPQ
  #define TEST_VERIFY_SIGNATURE
  #define TEST_REPLACE_FILE
