From 786f74bd302a6e99360d9fff1979db95f2f1c741 Mon Sep 17 00:00:00 2001
From: pionere
Date: Fri, 28 Feb 2025 10:08:19 +0100
Subject: free/release SectorOffsets of TMPQFile in AllocateSectorOffsets
---
 src/SBaseCommon.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
index 7f2aa8c..ecbfc05 100644
--- a/src/SBaseCommon.cpp
+++ b/src/SBaseCommon.cpp
@@ -1268,8 +1268,11 @@ DWORD AllocateSectorOffsets(TMPQFile * hf, bool bLoadFromFile)
 // Append the length of the patch info, if any
 if(hf->pPatchInfo != NULL)
 {
- if((RawFilePos + hf->pPatchInfo->dwLength) < RawFilePos)
+ if((RawFilePos + hf->pPatchInfo->dwLength) < RawFilePos) {
+ STORM_FREE(hf->SectorOffsets);
+ hf->SectorOffsets = NULL;
 return ERROR_FILE_CORRUPT;
+ }
 RawFilePos += hf->pPatchInfo->dwLength;
 }
@@ -1355,8 +1358,11 @@ DWORD AllocateSectorOffsets(TMPQFile * hf, bool bLoadFromFile)
 if((hf->SectorOffsets[0] & 0xFFFFFFFC) > dwSectorOffsLen)
 {
 // MPQ protectors put some ridiculous values there. We must limit the extra bytes
- if(hf->SectorOffsets[0] > (dwSectorOffsLen + 0x400))
+ if(hf->SectorOffsets[0] > (dwSectorOffsLen + 0x400)) {
+ STORM_FREE(hf->SectorOffsets);
+ hf->SectorOffsets = NULL;
 return ERROR_FILE_CORRUPT;
+ }
 // Free the old sector offset table
 dwSectorOffsLen = hf->SectorOffsets[0];
--
cgit v1.2.3
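Review bot: The three-line release added inside the `RawFilePos` overflow check is repeated verbatim at the `dwSectorOffsLen + 0x400` check in the second hunk, and nothing visible shows whether the other failure returns of AllocateSectorOffsets release `hf->SectorOffsets` too. Those exits lie outside both hunks, so this needs checking against the full function. A file-local helper that frees the table, clears the pointer and returns the error code passed to it would keep each site a single `return` and make a missed exit easier to spot in review. The added `if(...) {` also departs from the brace-on-its-own-line style of the surrounding `if(hf->pPatchInfo != NULL)`.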
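Review bot: The block added at the `0x400` limit check has no comment saying why the table is released before returning, although the lines around it document their intent. `hf->SectorOffsets[0]` appears to be a value taken from the archive, so this is the path a malformed or protector-mangled file takes. A line such as `// Corrupt table: release it so the failed handle carries no stale SectorOffsets pointer` would record that contract. Whether the caller's handle cleanup also frees the table is not visible here; if it does, the comment should state that the NULL assignment is what prevents a second free. The enclosing if-block and the function continue outside the hunk.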