duuqnd/cave-story-solaris
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #137 from GabrielRavier/accurateFixBugsTscBufferSizeCrash

Browse source 
accurate:  Do not crash when TSC files are too big with FIX_BUGS
This commit is contained in:
Clownacy 2020-07-02 15:52:53 +01:00 committed by GitHub
commit f7b428752f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/TextScr.cpp
View file

@ -167,6 +167,13 @@ BOOL LoadTextScript_Stage(const char *name)
if (head_size == INVALID_FILE_SIZE)
return FALSE;
#ifdef FIX_BUGS
// The original doesn't check for any kind of buffer overflow here, so feeding in a 1 MiB Head.tsc
// (assuming an unchanged TSC_BUFFER_SIZE) would be sure to crash the game, for example.
if (head_size > TSC_BUFFER_SIZE)
return FALSE;
#endif
fp = fopen(path, "rb");
if (fp == NULL)
return FALSE;
@ -184,6 +191,12 @@ BOOL LoadTextScript_Stage(const char *name)
if (body_size == INVALID_FILE_SIZE)
return FALSE;
#ifdef FIX_BUGS
// Same as above: the original doesn't bother checking, and may crash on large-enough input
if (head_size + body_size > TSC_BUFFER_SIZE)
return FALSE;
#endif
fp = fopen(path, "rb");
if (fp == NULL)
return FALSE;