2 files changed, 14 insertions, 6 deletions

diff --git a/src/SFileReadFile.cpp b/src/SFileReadFile.cpp
index 8ab5f48..180d428 100644
--- a/src/SFileReadFile.cpp
+++ b/src/SFileReadFile.cpp
@@ -261,6 +261,8 @@ static DWORD ReadMpqFileSingleUnit(TMPQFile * hf, void * pvBuffer, DWORD dwFileP
     // If the file sector is not loaded yet, do it
     if(hf->dwSectorOffs != 0)
     {
+        DWORD cbRawData = hf->dwDataSize;
+
         // Is the file compressed?
         if(pFileEntry->dwFlags & MPQ_FILE_COMPRESS_MASK)
         {
@@ -268,11 +270,14 @@ static DWORD ReadMpqFileSingleUnit(TMPQFile * hf, void * pvBuffer, DWORD dwFileP
             pbCompressed = STORM_ALLOC(BYTE, pFileEntry->dwCmpSize);
             if(pbCompressed == NULL)
                 return ERROR_NOT_ENOUGH_MEMORY;
+            
+            // Redirect reading
             pbRawData = pbCompressed;
+            cbRawData = pFileEntry->dwCmpSize;
         }
 
         // Load the raw (compressed, encrypted) data
-        if(!FileStream_Read(ha->pStream, &RawFilePos, pbRawData, pFileEntry->dwCmpSize))
+        if(!FileStream_Read(ha->pStream, &RawFilePos, pbRawData, cbRawData))
         {
             STORM_FREE(pbCompressed);
             return GetLastError();
diff --git a/test/StormTest.cpp b/test/StormTest.cpp
index 540557a..eeb0a24 100755
--- a/test/StormTest.cpp
+++ b/test/StormTest.cpp
@@ -3787,6 +3787,7 @@ static DWORD TestReplaceFile(LPCTSTR szMpqPlainName, LPCTSTR szFilePlainName, LP
 

 static void Test_PlayingSpace()

 {

+/*

     SFILE_FIND_DATA sf;

     HANDLE hMpq = NULL;

 

@@ -3796,6 +3797,7 @@ static void Test_PlayingSpace()
         SFileAddWave(hMpq, _T("e:\\Ladik\\Incoming\\poc11"), "poc11", MPQ_FILE_FIX_KEY, 1);

         SFileCloseArchive(hMpq);

     }

+*/

 }

 

 //-----------------------------------------------------------------------------

@@ -4000,11 +4002,12 @@ static const TEST_INFO1 TestList_MasterMirror[] =
 static const TEST_INFO1 Test_OpenMpqs[] =

 {

     // PoC's by Gabe Sherman from FuturesLab

-    {_T("pocs/MPQ_2024_01_HeapOverrun.mpq"),                    NULL, "7008f95dcbc4e5d840830c176dec6969",    14},

-    {_T("pocs/MPQ_2024_02_StackOverflow.mpq"),                  NULL, "7093fcbcc9674b3e152e74e8e8a937bb",     4},

-    {_T("pocs/MPQ_2024_03_TooBigAlloc.mpq"),                    NULL, "--------------------------------",  TFLG_WILL_FAIL},

-    {_T("pocs/MPQ_2024_04_HeapOverflow.mpq"),                   NULL, "--------------------------------",  TFLG_WILL_FAIL},

-    {_T("pocs/MPQ_2024_05_HeapOverflow.mpq"),                   NULL, "0539ae020719654a0ea6e2627a8195f8",    14},

+    //{_T("pocs/MPQ_2024_01_HeapOverrun.mpq"),                    NULL, "7008f95dcbc4e5d840830c176dec6969",    14},

+    //{_T("pocs/MPQ_2024_02_StackOverflow.mpq"),                  NULL, "7093fcbcc9674b3e152e74e8e8a937bb",     4},

+    //{_T("pocs/MPQ_2024_03_TooBigAlloc.mpq"),                    NULL, "--------------------------------",  TFLG_WILL_FAIL},

+    //{_T("pocs/MPQ_2024_04_HeapOverflow.mpq"),                   NULL, "--------------------------------",  TFLG_WILL_FAIL},

+    //{_T("pocs/MPQ_2024_05_HeapOverflow.mpq"),                   NULL, "0539ae020719654a0ea6e2627a8195f8",    14},

+    {_T("pocs/MPQ_2024_06_HeapOverflowReadFile.mpq"),           NULL, "d41d8cd98f00b204e9800998ecf8427e",     1},

 

     // Correct or damaged archives

     {_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"),                     NULL, "554b538541e42170ed41cb236483489e",  2910, &TwoFilesD1},  // Base MPQ from Diablo 1