Fixed buffer overflow in https://github.com/ladislav-zezula/StormLib/issues/338

author: Ladislav Zezula <zezula@volny.cz> 2024-04-21 20:30:56 +0200
committer: Ladislav Zezula <zezula@volny.cz> 2024-04-21 20:30:56 +0200
commit: 5232da3f6ac96177db4d2d806c37c82fc664af8b (patch)
tree: 065d04fb8d415efe4dde631a7ac6579de1bce046 /src/SBaseFileTable.cpp
parent: c4e3490d729ba42e92803b7f2ef90ed86b0b0eca (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fc9418a..1ed8140 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -574,6 +574,10 @@ DWORD ConvertMpqHeaderToFormat4(
             // Fill the rest of the header with zeros
             memset((LPBYTE)pHeader + MPQ_HEADER_SIZE_V2, 0, sizeof(TMPQHeader) - MPQ_HEADER_SIZE_V2);
 
+            // Check position of the Hi-block table
+            if(pHeader->HiBlockTablePos64 > FileSize)
+                return ERROR_FILE_CORRUPT;
+
             // Calculate the expected hash table size
             pHeader->HashTableSize64 = (pHeader->dwHashTableSize * sizeof(TMPQHash));
             HashTablePos64 = MAKE_OFFSET64(pHeader->wHashTablePosHi, pHeader->dwHashTablePos);
author	Ladislav Zezula <zezula@volny.cz>	2024-04-21 20:30:56 +0200
committer	Ladislav Zezula <zezula@volny.cz>	2024-04-21 20:30:56 +0200
commit	5232da3f6ac96177db4d2d806c37c82fc664af8b (patch)
tree	065d04fb8d415efe4dde631a7ac6579de1bce046 /src/SBaseFileTable.cpp
parent	c4e3490d729ba42e92803b7f2ef90ed86b0b0eca (diff)