From ac9be1ae60b0de848209702843940d766ea3bf8e Mon Sep 17 00:00:00 2001
From: pionere <pionere@freemail.hu>
Date: Sat, 1 Mar 2025 13:02:16 +0100
Subject: validate dwHashTableSize - dwHashTableSize must be a power of two,
 otherwise HASH_INDEX_MASK does not work

---
 src/SBaseFileTable.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src')

diff --git a/src/SBaseFileTable.cpp b/src/SBaseFileTable.cpp
index 0461be2..843f81e 100644
--- a/src/SBaseFileTable.cpp
+++ b/src/SBaseFileTable.cpp
@@ -2560,7 +2560,12 @@ DWORD LoadAnyHashTable(TMPQArchive * ha)
     // Note that we load the classic hash table even when HET table exists,
     // because if the MPQ gets modified and saved, hash table must be there
     if(pHeader->dwHashTableSize)
+    {
+        // hash-table size must be a power or 2
+        if ((pHeader->dwHashTableSize & (pHeader->dwHashTableSize - 1)) != 0)
+            return ERROR_FILE_CORRUPT;
         ha->pHashTable = LoadHashTable(ha);
+    }
 
     // At least one of the tables must be present
     if(ha->pHetTable == NULL && ha->pHashTable == NULL)
-- 
cgit v1.2.3