diff options
| author | Ladislav Zezula <zezula@volny.cz> | 2024-04-21 22:35:07 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-04-21 22:35:07 +0200 |
| commit | 3b65b373bc822a0ee0410edb80fa4ecfc0b454da (patch) | |
| tree | 6d46b40a782aa282e60b3e9583d5a9120287c3b3 /src/sparse/sparse.cpp | |
| parent | 605222393594f5885b877bfc0086dae756674965 (diff) | |
| parent | 7250eca739f060dd6984b9ea74a9fbb8b0a7c353 (diff) | |
Merge pull request #346 from ladislav-zezula/LZ_GabeShermanFoundBugs
Fixed bugs found by Gabe Sherman
Diffstat (limited to 'src/sparse/sparse.cpp')
| -rw-r--r-- | src/sparse/sparse.cpp | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/sparse/sparse.cpp b/src/sparse/sparse.cpp index 6d1b621..6cf2df2 100644 --- a/src/sparse/sparse.cpp +++ b/src/sparse/sparse.cpp @@ -261,7 +261,12 @@ int DecompressSparse(void * pvOutBuffer, int * pcbOutBuffer, void * pvInBuffer, // If highest bit, it means that that normal data follow if(OneByte & 0x80) { + // Check the length of one chunk. Check for overflows cbChunkSize = (OneByte & 0x7F) + 1; + if((pbInBuffer + cbChunkSize) > pbInBufferEnd) + return 0; + + // Copy the chunk. Make sure that the buffer won't overflow cbChunkSize = (cbChunkSize < cbOutBuffer) ? cbChunkSize : cbOutBuffer; memcpy(pbOutBuffer, pbInBuffer, cbChunkSize); pbInBuffer += cbChunkSize; |