From 591b8035663fc60490229b63b4c43f55b0c0a81c Mon Sep 17 00:00:00 2001
From: wolfy852 <wolfy852@hotmail.com>
Date: Fri, 22 Jan 2016 21:45:48 -0600
Subject: [PATCH] Limit file write size to 1MB

If the total file size is above 1MB after writing, discard all changes.
---
 src/blua/liolib.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/blua/liolib.c b/src/blua/liolib.c
index b209eec9..2d20f529 100644
--- a/src/blua/liolib.c
+++ b/src/blua/liolib.c
@@ -26,6 +26,8 @@
 #define IO_INPUT	1
 #define IO_OUTPUT	2
 
+#define FILELIMIT 1024*1024 // Size limit for reading/writing files
+
 
 static const char *const fnames[] = {"input", "output"};
 static const char *whitelist[] = { // Allow scripters to write files of these types to SRB2's folder
@@ -437,6 +439,7 @@ static int io_readline (lua_State *L) {
 static int g_write (lua_State *L, FILE *f, int arg) {
   int nargs = lua_gettop(L) - 1;
   int status = 1;
+  size_t count;
   for (; nargs--; arg++) {
     if (lua_type(L, arg) == LUA_TNUMBER) {
       /* optimization: could be done exactly as for strings */
@@ -446,6 +449,12 @@ static int g_write (lua_State *L, FILE *f, int arg) {
     else {
       size_t l;
       const char *s = luaL_checklstring(L, arg, &l);
+	  count += l;
+	  if (ftell(f) + l > FILELIMIT)
+	  {
+		luaL_error(L,"write limit bypassed in file. Changes have been discarded.");
+		break;
+	  }
       status = status && (fwrite(s, sizeof(char), l, f) == l);
     }
   }