From 9b23b410219b035fcbe245647ccad70f841436cd Mon Sep 17 00:00:00 2001
From: "alexey.lysiuk" <alexey.lysiuk@gmail.com>
Date: Fri, 4 Mar 2016 11:20:19 +0200
Subject: [PATCH] Added detection for broken WAD files

Do not try to allocate nonsensical amount of memory and bail out when broken WAD is detected
See http://forum.drdteam.org/viewtopic.php?t=6844
---
 src/resourcefiles/file_wad.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/resourcefiles/file_wad.cpp b/src/resourcefiles/file_wad.cpp
index 0bdc0a7369..0732d4c115 100644
--- a/src/resourcefiles/file_wad.cpp
+++ b/src/resourcefiles/file_wad.cpp
@@ -39,6 +39,7 @@
 #include "v_text.h"
 #include "w_wad.h"
 #include "gi.h"
+#include "i_system.h"
 
 // Console Doom LZSS wrapper.
 class FileReaderLZSS : public FileReaderBase
@@ -343,6 +344,12 @@ bool FWadFile::Open(bool quiet)
 		NumLumps = BigLong(header.NumLumps);
 		InfoTableOfs = BigLong(header.InfoTableOfs);
 		isBigEndian = true;
+
+		// Check again to detect broken wads
+		if (InfoTableOfs + NumLumps*sizeof(wadlump_t) > (unsigned)wadSize)
+		{
+			I_Error("Cannot load broken WAD file %s\n", Filename);
+		}
 	}
 
 	wadlump_t *fileinfo = new wadlump_t[NumLumps];