From 5232da3f6ac96177db4d2d806c37c82fc664af8b Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Sun, 21 Apr 2024 20:30:56 +0200
Subject: Fixed buffer overflow in https://github.com/ladislav-zezula/StormLib/issues/338

---
 src/SBaseFileTable.cpp | 4 ++++
 test/StormTest.cpp | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fc9418a..1ed8140 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -574,6 +574,10 @@ DWORD ConvertMpqHeaderToFormat4(
     // Fill the rest of the header with zeros
     memset((LPBYTE)pHeader + MPQ_HEADER_SIZE_V2, 0, sizeof(TMPQHeader) - MPQ_HEADER_SIZE_V2);
 
+    // Check position of the Hi-block table
+    if(pHeader->HiBlockTablePos64 > FileSize)
+        return ERROR_FILE_CORRUPT;
+
     // Calculate the expected hash table size
     pHeader->HashTableSize64 = (pHeader->dwHashTableSize * sizeof(TMPQHash));
     HashTablePos64 = MAKE_OFFSET64(pHeader->wHashTablePosHi, pHeader->dwHashTablePos);
diff --git a/test/StormTest.cpp b/test/StormTest.cpp
index 721ee19..3c8051e 100755
--- a/test/StormTest.cpp
+++ b/test/StormTest.cpp
@@ -3789,9 +3789,8 @@ static void Test_PlayingSpace()
 {
     HANDLE hMpq = NULL;
 
-    if(SFileOpenArchive(_T("e:\\poc21"), 0, 0, &hMpq))
+    if(SFileOpenArchive(_T("e:\\poc24"), 0, 0, &hMpq))
     {
-        SFileCompactArchive(hMpq, _T("e:\\Ladik\\Incoming\\poc18"), true);
         SFileCloseArchive(hMpq);
     }
 }
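Review bot: The new guard in ConvertMpqHeaderToFormat4 bounds only the start offset of the hi-block table, so a header whose HiBlockTablePos64 sits just below FileSize but whose entry count is large still lets the later table read run past the end of the file, and `>` also accepts a start exactly at FileSize. The end of the table should be bounded too, and since a v2 header may carry no hi-block table at all (position zero, if I read StormLib's layout correctly), the length check should apply only when the position is nonzero; written in subtraction form to avoid 64-bit wrap: `if(pHeader->HiBlockTablePos64 > FileSize || (FileSize - pHeader->HiBlockTablePos64) < <hi-block table byte length>) return ERROR_FILE_CORRUPT;`, where the byte length is the block-table entry count times the per-entry USHORT size that this function computes further down. The same start-plus-length bound is worth confirming for HashTablePos64, which is computed two lines below from dwHashTableSize but is validated outside this hunk if at all. ConvertMpqHeaderToFormat4 starts and ends outside the hunk.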
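Review bot: Test_PlayingSpace still opens a machine-local absolute path (`e:\\poc24`) that is not part of the repository, so on any other machine SFileOpenArchive fails, the branch is skipped silently, and the scenario this commit fixes is never exercised there. Since the next hunk adds `pocs/MPQ_2024_11_HiBlockTablePosInvalid.mpq` to Test_OpenMpqs, this scratch harness could be pointed at that file, or the hard-coded path moved behind a developer-only `#ifdef`; at minimum a comment such as `// Scratch harness: opens a developer-local sample, not a repository test` would make the intent explicit to the next reader.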
@@ -4010,6 +4009,7 @@ static const TEST_INFO1 Test_OpenMpqs[] =
     {_T("pocs/MPQ_2024_09_InvalidSectorSize.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
     {_T("pocs/MPQ_2024_10_HuffDecompressError.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
     {_T("pocs/MPQ_2024_10_SparseDecompressError.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
+    {_T("pocs/MPQ_2024_11_HiBlockTablePosInvalid.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
 
     // Correct or damaged archives
     {_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"), NULL, "554b538541e42170ed41cb236483489e", 2910, &TwoFilesD1},   // Base MPQ from Diablo 1
-- 
cgit v1.2.3
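Review bot: The new Test_OpenMpqs entry references `pocs/MPQ_2024_11_HiBlockTablePosInvalid.mpq`, but the diffstat lists only the two source files, so the sample is not added by this commit; if the file is absent at test time and TFLG_WILL_FAIL treats any open failure as a pass, the regression test silently proves nothing about the new ERROR_FILE_CORRUPT path. The sample should be committed alongside this change, or the expected-failure handling should distinguish a missing file from a rejected archive. The Test_OpenMpqs array begins and ends outside the hunk.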