From 5ed4012a9befb6064311e709726c1c8b5dad70d9 Mon Sep 17 00:00:00 2001
From: Shpoike
Date: Wed, 15 Mar 2023 18:00:47 +0000
Subject: [PATCH] Fix OOM with obviously corrupt miptex lumps (eg: jvoxdm1.bsp).
---
 engine/gl/gl_model.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/engine/gl/gl_model.c b/engine/gl/gl_model.c
index 0fdca6c67..d31488d3e 100644
--- a/engine/gl/gl_model.c
+++ b/engine/gl/gl_model.c
@@ -3737,6 +3737,12 @@ TRACE(("dbg: Mod_LoadTextures: inittexturedescs\n"));
 m->nummiptex = LittleLong (m->nummiptex);
+ if ((1+m->nummiptex)*sizeof(int) > l->filelen)
+ {
+ Con_Printf(CON_WARNING "warning: %s contains corrupt texture lump\n", loadmodel->name);
+ return false;
+ }
+
 loadmodel->numtextures = m->nummiptex;
 loadmodel->textures = ZG_Malloc(&loadmodel->memgroup, m->nummiptex * sizeof(*loadmodel->textures));
 sizes = alloca(sizeof(*sizes)*m->nummiptex);
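Review bot: The new bounds check on `m->nummiptex` can still be passed by a count of -1, assuming the field is a signed int (its declaration is outside the hunk): `1+m->nummiptex` becomes 0, the product is 0, and the `ZG_Malloc` and `alloca` below then receive a size derived from -1. On builds with a 32-bit `size_t` the multiplication can also wrap for large positive counts. Rejecting negatives and comparing by division avoids both, e.g. `if (m->nummiptex < 0 || (size_t)m->nummiptex >= l->filelen / sizeof(int))`. Separately, the `alloca` at the end of the hunk is sized by a file-supplied count that is bounded only by the lump length, so a large lump could still exhaust the stack; a heap allocation would be safer there. The enclosing function starts and ends outside the hunk.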