diff options
| author | Zezula Ladislav <ladislav.zezula@avast.com> | 2018-10-15 11:23:52 +0200 |
|---|---|---|
| committer | Zezula Ladislav <ladislav.zezula@avast.com> | 2018-10-15 11:23:52 +0200 |
| commit | f35d106059accbddaa602b6525f9542746b2c2b7 (patch) | |
| tree | 4fd9212c6d57e430076dba99936b1503f18a8919 /src/SBaseFileTable.cpp | |
| parent | 4ad0bff21da0163917e1552960e6a43679586b89 (diff) | |
+ Fixed arbitrarily large allocations caused by TQMPHeader::dwBlockTableSize
Diffstat (limited to 'src/SBaseFileTable.cpp')
| -rw-r--r-- | src/SBaseFileTable.cpp | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp index 1cb469e..700df48 100644 --- a/src/SBaseFileTable.cpp +++ b/src/SBaseFileTable.cpp @@ -406,6 +406,14 @@ int ConvertMpqHeaderToFormat4( pHeader->ArchiveSize64 = DetermineArchiveSize_V1(ha, pHeader, MpqOffset, FileSize);
pHeader->dwArchiveSize = (DWORD)pHeader->ArchiveSize64;
}
+
+ // EWIX_v8_7.w3x: TMPQHeader::dwBlockTableSize = 0x00319601
+ // Size of TFileTable goes to ~200MB, so we artificially cut it
+ if(BlockTablePos64 + (pHeader->dwBlockTableSize * sizeof(TMPQBlock)) > FileSize)
+ {
+ pHeader->dwBlockTableSize = (DWORD)((FileSize - BlockTablePos64) / sizeof(TMPQBlock));
+ pHeader->BlockTableSize64 = pHeader->dwBlockTableSize * sizeof(TMPQBlock);
+ }
break;
case MPQ_FORMAT_VERSION_2:
|