Added check for loading CRC table

author: Ladislav Zezula <zezula@volny.cz> 2025-04-20 21:16:05 +0200
committer: Ladislav Zezula <zezula@volny.cz> 2025-04-20 21:16:05 +0200
commit: 4f4e2154cd9bb788186e4985104b58c4a5ee3d72 (patch)
tree: f8eebfa6f61d6786741a9a725bad21e94806f8ba /src/SBaseCommon.cpp
parent: da046e71d9cfdfc0e143b6be0e496fddb9c6bab9 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
index ecbfc05..3284bb7 100644
--- a/src/SBaseCommon.cpp
+++ b/src/SBaseCommon.cpp
@@ -1026,12 +1026,19 @@ void * LoadMpqTable(
         // and the table is loaded from the current file offset
         if(ByteOffset == SFILE_INVALID_POS)
             FileStream_GetPos(ha->pStream, &ByteOffset);
+        FileStream_GetSize(ha->pStream, &FileSize);
+
+        // Is the sector table within the file?
+        if(ByteOffset >= FileSize)
+        {
+            STORM_FREE(pbMpqTable);
+            return NULL;
+        }
 
         // The hash table and block table can go beyond EOF.
         // Storm.dll reads as much as possible, then fills the missing part with zeros.
         // Abused by Spazzler map protector which sets hash table size to 0x00100000
         // Abused by NP_Protect in MPQs v4 as well
-        FileStream_GetSize(ha->pStream, &FileSize);
         if((ByteOffset + dwBytesToRead) > FileSize)
         {
             // Fill the extra data with zeros
author	Ladislav Zezula <zezula@volny.cz>	2025-04-20 21:16:05 +0200
committer	Ladislav Zezula <zezula@volny.cz>	2025-04-20 21:16:05 +0200
commit	4f4e2154cd9bb788186e4985104b58c4a5ee3d72 (patch)
tree	f8eebfa6f61d6786741a9a725bad21e94806f8ba /src/SBaseCommon.cpp
parent	da046e71d9cfdfc0e143b6be0e496fddb9c6bab9 (diff)