From 19a8f83554dd0d0f184f6336814f533fc0a85fa2 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Sun, 21 Apr 2024 14:33:20 +0200
Subject: Fixed stack overflow in https://github.com/ladislav-zezula/StormLib/issues/328
---
 src/SBaseCommon.cpp | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
(limited to 'src/SBaseCommon.cpp')
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
index 587efe4..0de7864 100644
--- a/src/SBaseCommon.cpp
+++ b/src/SBaseCommon.cpp
@@ -1027,20 +1027,16 @@ void * LoadMpqTable(
 if(ByteOffset == SFILE_INVALID_POS) FileStream_GetPos(ha->pStream, &ByteOffset);
- // On archives v 1.0, hash table and block table can go beyond EOF.
+ // The hash table and block table can go beyond EOF.
 // Storm.dll reads as much as possible, then fills the missing part with zeros.
 // Abused by Spazzler map protector which sets hash table size to 0x00100000
 // Abused by NP_Protect in MPQs v4 as well
- if(ha->pHeader->wFormatVersion == MPQ_FORMAT_VERSION_1)
+ FileStream_GetSize(ha->pStream, &FileSize);
+ if((ByteOffset + dwBytesToRead) > FileSize)
 {
- // Cut the table size
- FileStream_GetSize(ha->pStream, &FileSize);
- if((ByteOffset + dwBytesToRead) > FileSize)
- {
- // Fill the extra data with zeros
- dwBytesToRead = (DWORD)(FileSize - ByteOffset);
- memset(pbMpqTable + dwBytesToRead, 0, (dwTableSize - dwBytesToRead));
- }
+ // Fill the extra data with zeros
+ dwBytesToRead = (DWORD)(FileSize - ByteOffset);
+ memset(pbMpqTable + dwBytesToRead, 0, (dwTableSize - dwBytesToRead));
 }
 // Give the caller information that the table was cut
-- cgit v1.2.3
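Review bot: The clamp inside the new `if((ByteOffset + dwBytesToRead) > FileSize)` branch still assumes `ByteOffset <= FileSize`; if the table offset lies past the end of the file, `FileSize - ByteOffset` wraps, the `(DWORD)` cast truncates it, and the `memset` length `dwTableSize - dwBytesToRead` can wrap as well, so the zero-fill may run past `pbMpqTable`. With the format-version gate removed, this path is now taken for every archive version, so it matters more unless the offset is validated before this point, which the hunk does not show. Consider `dwBytesToRead = (ByteOffset < FileSize) ? (DWORD)(FileSize - ByteOffset) : 0;` so that an out-of-range offset yields an all-zero table. The return value of `FileStream_GetSize` is also ignored here, so `FileSize` should be checked or initialised before it is compared. LoadMpqTable begins and ends outside the hunk.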