ref: 4a8877713e6851c8170865c652b36965a0153a7c
parent: 99fd64462baaa4fb2096b0f9f02aef2791b7fafd
parent: f7b428752fce30cf49fb1d5b28154921931463d7
author: Clownacy <Clownacy@users.noreply.github.com>
date: Thu Jul 2 11:52:19 EDT 2020
Merge branch 'accurate' into portable
--- a/src/TextScr.cpp
+++ b/src/TextScr.cpp
@@ -169,6 +169,13 @@
if (head_size == -1)
return FALSE;
+#ifdef FIX_BUGS
+ // The original doesn't check for any kind of buffer overflow here, so feeding in a 1 MiB Head.tsc
+ // (assuming an unchanged TSC_BUFFER_SIZE) would be sure to crash the game, for example.
+ if (head_size > TSC_BUFFER_SIZE)
+ return FALSE;
+#endif
+
fp = fopen(path.c_str(), "rb");
if (fp == NULL)
return FALSE;
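Review bot: The bound `head_size > TSC_BUFFER_SIZE` still accepts a file of exactly TSC_BUFFER_SIZE bytes, which leaves no room for a terminator if the loader writes one after the data into a buffer of that size. Neither the allocation nor a terminating write is visible in this hunk, so please confirm, and if that is the case use `if (head_size >= TSC_BUFFER_SIZE)`. The second hunk's `head_size + body_size > TSC_BUFFER_SIZE` has the same boundary and also adds two file-derived signed sizes, which can overflow for a very large body file; `if (body_size >= TSC_BUFFER_SIZE - head_size)` avoids the addition. Both guards are compiled only under `FIX_BUGS`, so builds without it keep the unchecked read, which may be worth a sentence in the comment. The enclosing function starts and ends outside the hunk.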
@@ -185,6 +192,12 @@
body_size = GetFileSizeLong(path.c_str());
if (body_size == -1)
return FALSE;
+
+#ifdef FIX_BUGS
+ // Same as above: the original doesn't bother checking, and may crash on large-enough input
+ if (head_size + body_size > TSC_BUFFER_SIZE)
+ return FALSE;
+#endif
fp = fopen(path.c_str(), "rb");
if (fp == NULL)