From 9bda9e9fc174275be7c407b39ab970b4c24b5d36 Mon Sep 17 00:00:00 2001 From: Molgrum Date: Thu, 1 May 2008 11:59:22 +0000 Subject: [PATCH] Don't crash on invalid input in the Microsoft Wave reader. /bigfoot git-svn-id: https://svn.code.sf.net/p/fteqw/code/trunk@2949 fc73d0e0-1445-4013-8a0c-d673dee63da5 --- engine/client/snd_mem.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/engine/client/snd_mem.c b/engine/client/snd_mem.c index 90e49bacf..debb0e786 100644 --- a/engine/client/snd_mem.c +++ b/engine/client/snd_mem.c @@ -933,17 +933,22 @@ int GetLittleLong(void) void FindNextChunk(char *name) { + unsigned int dataleft; + while (1) { - data_p=last_chunk; - data_p += 4; - if (data_p >= iff_end) + dataleft = iff_end - last_chunk; + if (dataleft < 8) { // didn't find the chunk data_p = NULL; return; } + + data_p=last_chunk; + data_p += 4; + dataleft-= 8; iff_chunk_len = GetLittleLong(); - if (iff_chunk_len < 0) + if (iff_chunk_len < 0 || iff_chunk_len > dataleft) { data_p = NULL; return;