| -rw-r--r-- | src/SBaseCommon.cpp | 5 | ||||
| -rw-r--r-- | src/SBaseFileTable.cpp | 5 | ||||
| -rw-r--r-- | src/StormLib.h | 1 | ||||
| -rwxr-xr-x | test/StormTest.cpp | 9 | ||||
| -rw-r--r-- | test/stormlib-test-001.txt | 2 | 
5 files changed, 17 insertions, 5 deletions
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
 index 16caf4f..4d56502 100644
 --- a/src/SBaseCommon.cpp
 +++ b/src/SBaseCommon.cpp
 @@ -1019,6 +1019,11 @@ void * LoadMpqTable(
                  return NULL;
              }
          }
 +        else
 +        {
 +            // pocs/MPQ_2025_06_BadHashTableSize.mpq
 +            dwCompressedSize = dwTableSize;
 +        }
          // Get the file offset from which we will read the table
          // Note: According to Storm.dll from Warcraft III (version 2002),
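Review bot: The comment on the new `else` branch names only the PoC file and does not say what the assignment protects. The `if` this `else` belongs to and the later read are outside the hunk, so this is inferred: the branch appears to cover a table that is not stored compressed, where `dwCompressedSize` must not exceed `dwTableSize`. I would spell that out, e.g. `// Not compressed: read exactly dwTableSize bytes, never a larger size taken from the header (pocs/MPQ_2025_06_BadHashTableSize.mpq)`.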
 diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
 index e854ac0..46daab5 100644
 --- a/src/SBaseFileTable.cpp
 +++ b/src/SBaseFileTable.cpp
 @@ -2508,7 +2508,8 @@ TMPQHetTable * LoadHetTable(TMPQArchive * ha)
      TMPQHeader * pHeader = ha->pHeader;
      // If the HET table position is not 0, we expect the table to be present
 -    if(pHeader->HetTablePos64 && pHeader->HetTableSize64)
 +    // Alsom the HET table must have a reasonable size
 +    if(pHeader->HetTablePos64 && pHeader->HetTableSize64 && pHeader->HetTableSize64 < BET_TABLE_MAX_SIZE)
      {
          // Attempt to load the HET table (Hash Extended Table)
          pExtTable = LoadExtTable(ha, pHeader->HetTablePos64, (size_t)pHeader->HetTableSize64, HET_TABLE_SIGNATURE, MPQ_KEY_HASH_TABLE);
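Review bot: The added size test in the `if` makes an oversized HET table indistinguishable from an absent one, so a header with a bad `HetTableSize64` is skipped silently instead of being reported as corrupt. Whether the caller then fails the open or falls back to another table is outside the hunk; if the fallback is intended, say so next to the check, e.g. `// Also, the HET table must have a reasonable size; an oversized one is ignored as if absent` (this also fixes the "Alsom" typo). The LoadBetTable hunk below has the same shape. LoadHetTable's body continues outside the hunk.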
 @@ -2530,7 +2531,7 @@ TMPQBetTable * LoadBetTable(TMPQArchive * ha)
      TMPQHeader * pHeader = ha->pHeader;
      // If the BET table position is not 0, we expect the table to be present
 -    if(pHeader->BetTablePos64 && pHeader->BetTableSize64)
 +    if(pHeader->BetTablePos64 && pHeader->BetTableSize64 && pHeader->BetTableSize64 < BET_TABLE_MAX_SIZE)
      {
          // Attempt to load the HET table (Hash Extended Table)
          pExtTable = LoadExtTable(ha, pHeader->BetTablePos64, (size_t)pHeader->BetTableSize64, BET_TABLE_SIGNATURE, MPQ_KEY_BLOCK_TABLE);
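Review bot: The bound used here is a fixed `BET_TABLE_MAX_SIZE` (0x00100000, added in StormLib.h and reused for the HET check), not a limit derived from the archive, and this hunk adds no comment explaining it as the HET hunk does. BET tables presumably grow with the number of files, so it is worth confirming against the largest valid archives in the test set that none is rejected by the cap. I would document the intent at the definition, e.g. `// Sanity cap (1 MiB) for the stored HET and BET tables; not a format limit`, and add `// Also, the BET table must have a reasonable size` above this `if`. The unchanged comment below still says "HET table" inside LoadBetTable.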
 diff --git a/src/StormLib.h b/src/StormLib.h
 index e1db062..1f3dee7 100644
 --- a/src/StormLib.h
 +++ b/src/StormLib.h
 @@ -292,6 +292,7 @@ extern "C" {
  // Signatures for HET and BET table
  #define HET_TABLE_SIGNATURE         0x1A544548  // 'HET\x1a'
  #define BET_TABLE_SIGNATURE         0x1A544542  // 'BET\x1a'
 +#define BET_TABLE_MAX_SIZE          0x00100000  // Maximum acceptable size of HET&BET tables
  // Decryption keys for MPQ tables
  #define MPQ_KEY_HASH_TABLE          0xC3AF3770  // Obtained by HashString("(hash table)", MPQ_HASH_FILE_KEY)
 diff --git a/test/StormTest.cpp b/test/StormTest.cpp
 index 4e06e1a..eb57ebf 100755
 --- a/test/StormTest.cpp
 +++ b/test/StormTest.cpp
 @@ -3960,8 +3960,8 @@ static void Test_PlayingSpace()
      LPBYTE pbData;
      DWORD dwFileSize = 529298;
      DWORD dwBytesRead = 0;
 -
 -    if(SFileOpenArchive(_T("c:\\War3.mpq"), 0, 0, &hMpq))
 +/*
 +    if(SFileOpenArchive(_T("e:\\2.mpq"), 0, 0, &hMpq))
      {
          if(SFileOpenFileEx(hMpq, "(listfile)", 0, &hFile))
          {
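Review bot: The `/*` opened here, closed by the `*/` added in the next hunk, disables the whole body of Test_PlayingSpace while also pointing it at a machine-local path, `e:\\2.mpq`. That leaves dead code in the test file and locals such as `dwFileSize` and `dwBytesRead` declared but, as far as the hunk shows, unused. If the sample is worth keeping, `#if 0` / `#endif` is easier to search for and does not break when the enclosed code contains a block comment; otherwise delete the body.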
 @@ -3974,6 +3974,7 @@ static void Test_PlayingSpace()
          }
          SFileCloseArchive(hMpq);
      }
 +*/
  }
  //-----------------------------------------------------------------------------
 @@ -4237,7 +4238,7 @@ static const TEST_INFO1 TestList_MasterMirror[] =
  static const TEST_INFO1 Test_OpenMpqs[] =
  {
 -    // PoC's by Gabe Sherman, tinh0.
 +    // PoC's by Gabe Sherman, tinh0, Zao Yang
      {_T("pocs/MPQ_2024_01_HeapOverrun.mpq"),                    NULL, "7008f95dcbc4e5d840830c176dec6969",    14},
      {_T("pocs/MPQ_2024_02_StackOverflow.mpq"),                  NULL, "7093fcbcc9674b3e152e74e8e8a937bb",     4},
      {_T("pocs/MPQ_2024_03_TooBigAlloc.mpq"),                    NULL, "--------------------------------",     TFLG_WILL_FAIL},
 @@ -4255,6 +4256,8 @@ static const TEST_INFO1 Test_OpenMpqs[] =
      {_T("pocs/MPQ_2025_03_InvalidPatchInfo.mpq"),               NULL, "93b885adfe0da089cdf634904fd59f71",     TFLG_WILL_FAIL},
      {_T("pocs/MPQ_2025_04_InvalidArchiveSize64.mpq"),           NULL, "--------------------------------",     TFLG_WILL_FAIL},
      {_T("pocs/MPQ_2025_05_AddFileError.mpq"),                   NULL, "ce9b8afed4221a53663d391f10691ba6",     TFLG_WILL_FAIL},
 +    {_T("pocs/MPQ_2025_06_BadHashTableSize.mpq"),               NULL, "00000000000000000000000000000000",     TFLG_WILL_FAIL},
 +    {_T("pocs/MPQ_2025_07_BadHetTableSize.mpq"),                NULL, "00000000000000000000000000000000",     TFLG_WILL_FAIL},
      // Correct or damaged archives
      {_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"),                     NULL, "554b538541e42170ed41cb236483489e",  2910, &TwoFilesD1},  // Base MPQ from Diablo 1
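Review bot: The two new entries use `"00000000000000000000000000000000"` as the hash for archives that are expected to fail, while the neighbouring `TFLG_WILL_FAIL` entries without a real hash use `"--------------------------------"`. How the harness treats the hash of a failing entry is not visible here, but one placeholder convention keeps the table readable, e.g. `{_T("pocs/MPQ_2025_07_BadHetTableSize.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},`. There is also no `pocs/` entry for an oversized BET table, although LoadBetTable received the same size check in this commit.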
 diff --git a/test/stormlib-test-001.txt b/test/stormlib-test-001.txt
 index cf96931..0359d2f 100644
 --- a/test/stormlib-test-001.txt
 +++ b/test/stormlib-test-001.txt
 @@ -36,6 +36,8 @@ TestReadingMpq (pocs/MPQ_2025_02_SectorOffsetSizeNotAligned.mpq) succeeded.
  TestReadingMpq (pocs/MPQ_2025_03_InvalidPatchInfo.mpq) succeeded.
  TestReadingMpq (pocs/MPQ_2025_04_InvalidArchiveSize64.mpq) succeeded.
  TestReadingMpq (pocs/MPQ_2025_05_AddFileError.mpq) succeeded.
 +TestReadingMpq (pocs/MPQ_2025_06_BadHashTableSize.mpq) succeeded.
 +TestReadingMpq (pocs/MPQ_2025_07_BadHetTableSize.mpq) succeeded.
  TestReadingMpq (MPQ_1997_v1_Diablo1_DIABDAT.MPQ) succeeded.
  TestReadingMpq (MPQ_1997_v1_patch_rt_SC1B.mpq) succeeded.
  TestReadingMpq (MPQ_1997_v1_StarDat_SC1B.mpq) succeeded.  | 
