From bf632cc31ae06e42a773c5b591ee41099d927cfa Mon Sep 17 00:00:00 2001
From: Christoph Oelckers <coelckers@users.noreply.github.com>
Date: Wed, 27 Jun 2018 08:51:45 +0200
Subject: [PATCH] Added lump size validation to the WAD loader

(cherry picked from commit cbe4c9c5c1ea2cbb193d548e96e9902f03faa61a)
---
 src/resourcefiles/file_wad.cpp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/resourcefiles/file_wad.cpp b/src/resourcefiles/file_wad.cpp
index 2e0ebb1dc..25e61e295 100644
--- a/src/resourcefiles/file_wad.cpp
+++ b/src/resourcefiles/file_wad.cpp
@@ -191,6 +191,17 @@ bool FWadFile::Open(bool quiet)
 		Lumps[i].Namespace = ns_global;
 		Lumps[i].Flags = Lumps[i].Compressed? LUMPF_COMPRESSED : 0;
 		Lumps[i].FullName = NULL;
+		
+		// Check if the lump is within the WAD file and print a warning if not.
+		if (Lumps[i].Position + Lumps[i].LumpSize > wadSize || Lumps[i].Position < 0 || Lumps[i].LumpSize < 0)
+		{
+			if (Lumps[i].LumpSize != 0)
+			{
+				Printf(PRINT_HIGH, "%s: Lump %s contains invalid positioning info and will be ignored\n", Filename, Lumps[i].Name);
+				Lumps[i].Name[0] = 0;
+			}
+			Lumps[i].LumpSize = Lumps[i].Position = 0;
+		}
 	}
 
 	delete[] fileinfo;