From c9620d7824e58bdc79a0fde09003ec047b1af3f6 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Tue, 22 Apr 2025 22:40:25 +0200
Subject: Fixed more bugs from POCs
---
 src/SBaseFileTable.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/SBaseFileTable.cpp')
diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index 0461be2..d2d5bc3 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -651,7 +651,7 @@ DWORD ConvertMpqHeaderToFormat4(
 // Size of the block table
 if(BlockTablePos64)
 {
- if(BlockTablePos64 > FileSize)
+ if(BlockTablePos64 > FileSize || BlockTablePos64 >= MaxOffset)
 return ERROR_FILE_CORRUPT;
 pHeader->BlockTableSize64 = MaxOffset - BlockTablePos64;
 MaxOffset = BlockTablePos64;
@@ -660,7 +660,7 @@ DWORD ConvertMpqHeaderToFormat4(
 // Size of the hash table
 if(HashTablePos64)
 {
- if(HashTablePos64 > FileSize)
+ if(HashTablePos64 > FileSize || HashTablePos64 >= MaxOffset)
 return ERROR_FILE_CORRUPT;
 pHeader->HashTableSize64 = MaxOffset - HashTablePos64;
 MaxOffset = HashTablePos64;
-- 
cgit v1.2.3
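Review bot: The added `>= MaxOffset` comparisons in both hunks (block table and hash table) have no comment saying what they guard, which is the subtraction on the following line (`MaxOffset - BlockTablePos64`, `MaxOffset - HashTablePos64`). If these are unsigned 64-bit values, as the names suggest, a header-supplied position at or past MaxOffset would wrap the computed table size. I would put `// Position must lie below MaxOffset, otherwise the size subtraction below wraps` above each check, so the condition is not later simplified back to the FileSize test alone. MaxOffset is initialised outside the hunks; if it can never exceed FileSize there, the `> FileSize` half is now redundant and should either be dropped or kept with a note saying it is deliberate. `>=` also rejects a table that starts exactly at MaxOffset (a zero-length table), which is worth confirming as intended. The function body starts and ends outside both hunks.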