diff options
| author | Ladislav Zezula <zezula@volny.cz> | 2023-07-08 14:29:02 +0200 |
|---|---|---|
| committer | Ladislav Zezula <zezula@volny.cz> | 2023-07-08 14:29:02 +0200 |
| commit | f2c086cef8c9335571f492d9f91f40c1e5f721f5 (patch) | |
| tree | b4490e523c88bacaec5b693da13815093cb99ddf /src | |
| parent | dca8554dd78a9a7f075b5b525637cef6763dcdf2 (diff) | |
Fixed heap overflow
Diffstat (limited to 'src')
| -rw-r--r-- | src/SBaseCommon.cpp | 6 | ||||
| -rw-r--r-- | src/SFileGetFileInfo.cpp | 4 |
2 files changed, 6 insertions, 4 deletions
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp index 77590d6..b0029e0 100644 --- a/src/SBaseCommon.cpp +++ b/src/SBaseCommon.cpp @@ -999,18 +999,20 @@ void * LoadMpqTable( LPBYTE pbCompressed = NULL;
LPBYTE pbMpqTable;
LPBYTE pbToRead;
- DWORD dwBytesToRead = dwCompressedSize;
+ DWORD dwBytesToRead = dwTableSize;
DWORD dwErrCode = ERROR_SUCCESS;
// Allocate the MPQ table
pbMpqTable = pbToRead = STORM_ALLOC(BYTE, dwTableSize);
if(pbMpqTable != NULL)
{
- // Check if the MPQ table is encrypted
+ // Check if the MPQ table is compressed
if(dwCompressedSize < dwTableSize)
{
// Allocate temporary buffer for holding compressed data
pbCompressed = pbToRead = STORM_ALLOC(BYTE, dwCompressedSize);
+ dwBytesToRead = dwCompressedSize;
+
if(pbCompressed == NULL)
{
STORM_FREE(pbMpqTable);
diff --git a/src/SFileGetFileInfo.cpp b/src/SFileGetFileInfo.cpp index f9b9a76..2a4d7b3 100644 --- a/src/SFileGetFileInfo.cpp +++ b/src/SFileGetFileInfo.cpp @@ -564,11 +564,11 @@ static DWORD CreatePseudoFileName(HANDLE hFile, TFileEntry * pFileEntry, char * bool WINAPI SFileGetFileName(HANDLE hFile, char * szFileName)
{
- TMPQFile * hf = (TMPQFile *)hFile; // MPQ File handle
+ TMPQFile * hf;
DWORD dwErrCode = ERROR_INVALID_HANDLE;
// Check valid parameters
- if(IsValidFileHandle(hFile))
+ if((hf = IsValidFileHandle(hFile)) != NULL)
{
TFileEntry * pFileEntry = hf->pFileEntry;
|