From c9620d7824e58bdc79a0fde09003ec047b1af3f6 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Tue, 22 Apr 2025 22:40:25 +0200
Subject: Fixed more bugs from POCs

---
 src/SBaseCommon.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/SBaseCommon.cpp')

diff --git a/src/SBaseCommon.cpp b/src/SBaseCommon.cpp
index 3284bb7..0d9598a 100644
--- a/src/SBaseCommon.cpp
+++ b/src/SBaseCommon.cpp
@@ -1365,14 +1365,17 @@ DWORD AllocateSectorOffsets(TMPQFile * hf, bool bLoadFromFile)
     if((hf->SectorOffsets[0] & 0xFFFFFFFC) > dwSectorOffsLen)
     {
         // MPQ protectors put some ridiculous values there. We must limit the extra bytes
-        if(hf->SectorOffsets[0] > (dwSectorOffsLen + 0x400)) {
+        if(hf->SectorOffsets[0] > (dwSectorOffsLen + 0x400))
+        {
             STORM_FREE(hf->SectorOffsets);
             hf->SectorOffsets = NULL;
             return ERROR_FILE_CORRUPT;
         }
 
+        // The new length of the sector offset must be aligned to DWORD
+        dwSectorOffsLen = (hf->SectorOffsets[0] & 0xFFFFFFFC);
+
         // Free the old sector offset table
-        dwSectorOffsLen = hf->SectorOffsets[0];
         STORM_FREE(hf->SectorOffsets);
         goto __LoadSectorOffsets;
     }
-- cgit v1.2.3
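Review bot: The `STORM_FREE(hf->SectorOffsets);` that precedes `goto __LoadSectorOffsets;` leaves `hf->SectorOffsets` pointing at freed memory, whereas the ERROR_FILE_CORRUPT branch a few lines above deliberately clears it after the same free. If the re-allocation or re-read at `__LoadSectorOffsets` (outside this hunk) can fail and return without assigning the pointer, a later release of the file handle would free the table a second time — exactly the class of bug the POC-driven fix is chasing, since `SectorOffsets[0]` is attacker-controlled file data. Adding `hf->SectorOffsets = NULL;` right after the free keeps the handle consistent on every path, at no cost. The `dwSectorOffsLen + 0x400` bound is DWORD arithmetic; I cannot see from the hunk how `dwSectorOffsLen` is derived, so confirm it is already bounded far below 0xFFFFFBFF or the comparison can wrap. AllocateSectorOffsets begins before and continues after this hunk.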