From 8debce7eab1cfb7a145d592d757b75e7cac83610 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Fri, 4 Aug 2023 11:19:49 +0200
Subject: Fixed heap overflow in handling of file patch
---
 src/StormLib.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'src/StormLib.h')
diff --git a/src/StormLib.h b/src/StormLib.h
index 4aa51c1..4d5992d 100644
--- a/src/StormLib.h
+++ b/src/StormLib.h
@@ -215,7 +215,7 @@ extern "C" {
 #define SFILE_INVALID_POS 0xFFFFFFFF
 #define SFILE_INVALID_ATTRIBUTES 0xFFFFFFFF
-// Flags for SFileAddFile
+// Flags for TMPQBlock::dwFlags
 #define MPQ_FILE_IMPLODE 0x00000100 // Implode method (By PKWARE Data Compression Library)
 #define MPQ_FILE_COMPRESS 0x00000200 // Compress methods (By multiple methods)
 #define MPQ_FILE_ENCRYPTED 0x00010000 // Indicates whether file is encrypted
@@ -259,6 +259,9 @@ extern "C" {
 MPQ_FILE_FIX_KEY | \
 MPQ_FILE_EXISTS)
+// Flags for TPatchInfo::dwFlags
+#define MPQ_PATCH_INFO_VALID 0x80000000 // Set if the patch info is valid
+
 // We need to mask out the upper 4 bits of the block table index.
 // This is because it gets shifted out when calculating block table offset
 // BlockTableOffset = pHash->dwBlockIndex << 0x04
@@ -676,7 +679,7 @@ typedef struct _TMPQBlock
 typedef struct _TPatchInfo
 {
 DWORD dwLength; // Length of patch info header, in bytes
- DWORD dwFlags; // Flags. 0x80000000 = MD5 (?)
+ DWORD dwFlags; // Flags. 0x80000000 = valid (?)
 DWORD dwDataSize; // Uncompressed size of the patch file
 BYTE md5[0x10]; // MD5 of the entire patch file after decompression
-- 
cgit v1.2.3
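Review bot: In the third hunk the `dwFlags` comment still carries the raw literal and a question mark (`0x80000000 = valid (?)`) although the second hunk now names that bit; point the field at the constant instead, e.g. `DWORD dwFlags; // Flags, see MPQ_PATCH_INFO_VALID`. Since the commit subject describes a heap overflow fix in patch handling, the header should also state the contract that fix relies on: presumably `dwLength` and `dwDataSize` are read straight from the archive, so a comment on `TPatchInfo` such as `// dwLength and dwDataSize are untrusted; check them against the real block size before allocating or copying` would help readers of this header. The flag bit by itself does not bound either size field. The code that tests `MPQ_PATCH_INFO_VALID` is not on this page (the view is limited to src/StormLib.h), and the `TPatchInfo` definition continues past the end of the hunk.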