From 4f4e2154cd9bb788186e4985104b58c4a5ee3d72 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Sun, 20 Apr 2025 21:16:05 +0200
Subject: Added check for loading CRC table
---
 src/SBaseCommon.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
 (limited to 'src/SBaseCommon.cpp')
diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
index ecbfc05..3284bb7 100644
--- a/src/SBaseCommon.cpp
+++ b/src/SBaseCommon.cpp
@@ -1026,12 +1026,19 @@ void * LoadMpqTable(
 // and the table is loaded from the current file offset
 if(ByteOffset == SFILE_INVALID_POS)
 FileStream_GetPos(ha->pStream, &ByteOffset);
+ FileStream_GetSize(ha->pStream, &FileSize);
+
+ // Is the sector table within the file?
+ if(ByteOffset >= FileSize)
+ {
+ STORM_FREE(pbMpqTable);
+ return NULL;
+ }
 // The hash table and block table can go beyond EOF.
 // Storm.dll reads as much as possible, then fills the missing part with zeros.
 // Abused by Spazzler map protector which sets hash table size to 0x00100000
 // Abused by NP_Protect in MPQs v4 as well
- FileStream_GetSize(ha->pStream, &FileSize);
 if((ByteOffset + dwBytesToRead) > FileSize)
 {
 // Fill the extra data with zeros
--
cgit v1.2.3
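Review bot: The return value of `FileStream_GetSize` is ignored in the added lines, yet `FileSize` now decides whether a table offset is rejected as lying beyond the end of the file. If the call can fail and leave `FileSize` unset (its declaration is outside the hunk, so the initial value is not visible), the new check could either reject a valid archive or let an out-of-file offset through. Folding the result into the guard, `if(!FileStream_GetSize(ha->pStream, &FileSize) || ByteOffset >= FileSize)`, would make the check fail closed. The comment `// Is the sector table within the file?` also reads narrower than the code, since the context below describes the same path loading hash and block tables; `// Is the start of the table within the file?` would match. The body of `LoadMpqTable` starts and ends outside the hunk.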