From 5232da3f6ac96177db4d2d806c37c82fc664af8b Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Sun, 21 Apr 2024 20:30:56 +0200
Subject: Fixed buffer overflow in https://github.com/ladislav-zezula/StormLib/issues/338
---
 src/SBaseFileTable.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/SBaseFileTable.cpp')
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index fc9418a..1ed8140 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -574,6 +574,10 @@ DWORD ConvertMpqHeaderToFormat4(
 // Fill the rest of the header with zeros
 memset((LPBYTE)pHeader + MPQ_HEADER_SIZE_V2, 0, sizeof(TMPQHeader) - MPQ_HEADER_SIZE_V2);

+ // Check position of the Hi-block table
+ if(pHeader->HiBlockTablePos64 > FileSize)
+ return ERROR_FILE_CORRUPT;
+
 // Calculate the expected hash table size
 pHeader->HashTableSize64 = (pHeader->dwHashTableSize * sizeof(TMPQHash));
 HashTablePos64 = MAKE_OFFSET64(pHeader->wHashTablePosHi, pHeader->dwHashTablePos);
-- 
cgit v1.2.3
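Review bot: The added guard in ConvertMpqHeaderToFormat4 bounds only the start of the Hi-block table (`pHeader->HiBlockTablePos64 > FileSize`), so an offset equal to FileSize, or one that leaves less room than the table needs, still passes. Whether that is safe depends on how the table's size is derived further down, which is outside this hunk, as are the start and end of the function. The hash and block table positions built on the following lines come from the same file-supplied header, and the hunk shows no equivalent bound for them; it is worth confirming they are range-checked before use. I would record the invariant the check is meant to establish in its comment, for example `// Reject a Hi-block table that starts past EOF; code below relies on HiBlockTablePos64 <= FileSize`, if that is indeed what the later arithmetic assumes.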