From f608c0798420fd0d7a472a831ecef00bbdf4c7f0 Mon Sep 17 00:00:00 2001
From: Ladislav Zezula
Date: Tue, 17 Nov 2015 11:34:18 +0100
Subject: + Fixed possible buffer overflow in the patching process

---
 src/SFilePatchArchives.cpp | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src')

diff --git a/src/SFilePatchArchives.cpp b/src/SFilePatchArchives.cpp
index 840f86c..e2c59b4 100644
--- a/src/SFilePatchArchives.cpp
+++ b/src/SFilePatchArchives.cpp
@@ -277,6 +277,8 @@ static int ApplyFilePatch_BSD0(
         // Get the longest block that we can combine
         dwCombineSize = ((dwOldOffset + dwAddDataLength) >= dwOldSize) ? (dwOldSize - dwOldOffset) : dwAddDataLength;
+        if((dwNewOffset + dwCombineSize) > dwNewSize || (dwNewOffset + dwCombineSize) < dwNewOffset)
+            return ERROR_FILE_CORRUPT;
         // Now combine the patch data with the original file
         for(i = 0; i < dwCombineSize; i++)
-- 
cgit v1.2.3
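Review bot: The added guard bounds only the destination side of the copy; the source side, which the loop below (its body is outside the hunk) indexes with dwOldOffset, is still bounded solely by the preceding ternary, and that ternary computes `dwOldSize - dwOldOffset` without first establishing `dwOldOffset <= dwOldSize` and adds `dwOldOffset + dwAddDataLength` in a form that can wrap if these are 32-bit unsigned quantities, as their names suggest. In the wrap cases the resulting dwCombineSize is huge and the new check would reject it, but that safety is indirect and a reader has to reason through the wrap to see it. Unless dwOldOffset is already validated earlier in ApplyFilePatch_BSD0 (the function starts outside the hunk), an explicit guard `if(dwOldOffset > dwOldSize) return ERROR_FILE_CORRUPT;` before the ternary, together with rewriting the ternary as the wrap-free `dwCombineSize = (dwAddDataLength > dwOldSize - dwOldOffset) ? (dwOldSize - dwOldOffset) : dwAddDataLength;`, would make the old-side bound stand on its own without changing which patches are accepted. The new check itself would also benefit from a one-line comment stating what it defends against, e.g. `// Lengths come from the patch; reject a combined block that would write past the new buffer (or wrap)`, so the second, wrap-detecting comparison is not mistaken for redundancy and removed later.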