fte/quakespasm
2
0
Fork 0
mirror of https://github.com/Shpoike/Quakespasm.git synced 2025-02-09 01:01:07 +00:00
Code Issues Projects Releases Packages Wiki Activity

snd_umx.c: revise sanity checks and check returned values from FS layer.

Browse source
This commit is contained in:
Ozkan Sezer 2021-07-14 03:37:00 +03:00
parent 96b07d712d
commit bd8615c235
1 changed files with 16 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
Quake/snd_umx.c
View file

@ -4,7 +4,7 @@
* by Andy Ward <wardwh@swbell.net>, with additional updates * by Andy Ward <wardwh@swbell.net>, with additional updates
* by O. Sezer - see git repo at https://github.com/sezero/umr.git * by O. Sezer - see git repo at https://github.com/sezero/umr.git
* *
* Copyright (C) 2013 O. Sezer <sezero@users.sourceforge.net> * Copyright (C) 2013-2021 O. Sezer <sezero@users.sourceforge.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by * it under the terms of the GNU General Public License as published by
@ -201,13 +201,13 @@ static int read_typname(fshandle_t *f, const struct upkg_hdr *hdr,
char buf[64]; char buf[64];
if (idx >= hdr->name_count) return -1; if (idx >= hdr->name_count) return -1;
buf[63] = '\0'; memset(buf, 0, 64);
for (i = 0, l = 0; i <= idx; i++) { for (i = 0, l = 0; i <= idx; i++) {
FS_fseek(f, hdr->name_offset + l, SEEK_SET); if (FS_fseek(f, hdr->name_offset + l, SEEK_SET) < 0) return -1;
FS_fread(buf, 1, 63, f); if (!FS_fread(buf, 1, 63, f)) return -1;
if (hdr->file_version >= 64) { if (hdr->file_version >= 64) {
s = *(signed char *)buf; /* numchars *including* terminator */ s = *(signed char *)buf; /* numchars *including* terminator */
if (s <= 0 || s > 64) return -1; if (s <= 0) return -1;
l += s + 5; /* 1 for buf[0], 4 for int32_t name_flags */ l += s + 5; /* 1 for buf[0], 4 for int32_t name_flags */
} else { } else {
l += (long)strlen(buf); l += (long)strlen(buf);
@ -230,6 +230,13 @@ static int probe_umx (fshandle_t *f, const struct upkg_hdr *hdr,
idx = 0; idx = 0;
fsiz = FS_filelength (f); fsiz = FS_filelength (f);
if (hdr->name_offset >= fsiz ||
hdr->export_offset >= fsiz ||
hdr->import_offset >= fsiz) {
Con_DPrintf("Illegal values in header.\n");
return -1;
}
/* Find the offset and size of the first IT, S3M or XM /* Find the offset and size of the first IT, S3M or XM
* by parsing the exports table. The umx files should * by parsing the exports table. The umx files should
* have only one export. Kran32.umx from Unreal has two, * have only one export. Kran32.umx from Unreal has two,
@ -288,12 +295,12 @@ static int32_t probe_header (fshandle_t *f, struct upkg_hdr *hdr)
return -1; return -1;
} }
if (hdr->name_count < 0 || if (hdr->name_count < 0 ||
hdr->name_offset < 0 ||
hdr->export_count < 0 || hdr->export_count < 0 ||
hdr->export_offset < 0 ||
hdr->import_count < 0 || hdr->import_count < 0 ||
hdr->import_offset < 0 ) { hdr->name_offset < 36 ||
Con_DPrintf("Negative values in header\n"); hdr->export_offset < 36 ||
hdr->import_offset < 36) {
Con_DPrintf("Illegal values in header.\n");
return -1; return -1;
} }