Validate more inputs to SawyerChunk handlers

Michał Janiszewski 2017-08-03 00:29:22 +02:00
parent dabc52b036
commit e9e37d2aac
2 changed files with 6 additions and 3 deletions


@ -82,6 +82,7 @@ std::shared_ptr<SawyerChunk> SawyerChunkReader::ReadChunk()
} }
size_t uncompressedLength = sawyercoding_read_chunk_buffer(buffer, compressedData.get(), header, bufferSize); size_t uncompressedLength = sawyercoding_read_chunk_buffer(buffer, compressedData.get(), header, bufferSize);
Guard::Assert(uncompressedLength != 0, "Encountered zero-sized chunk!");
buffer = Memory::Reallocate(buffer, uncompressedLength); buffer = Memory::Reallocate(buffer, uncompressedLength);
if (buffer == nullptr) if (buffer == nullptr)
{ {
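Review bot: The added `Guard::Assert(uncompressedLength != 0, "Encountered zero-sized chunk!")` in ReadChunk treats a zero-length result as a programming error, but that length is derived from the chunk data being read, so a truncated or malformed file can reach it. How Guard::Assert behaves in release builds is not visible here; if it aborts, a bad file takes the process down, and if it is compiled out, execution continues into `Memory::Reallocate(buffer, uncompressedLength)` with a zero size. Consider rejecting the chunk on the same error path as the `buffer == nullptr` check that follows (its body is outside the hunk), so the condition surfaces as a load failure. A comment such as `// Zero-length output means the chunk is malformed, not a logic error` would record the intent.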


@ -21,7 +21,7 @@
static size_t decode_chunk_rle(const uint8* src_buffer, uint8* dst_buffer, size_t length); static size_t decode_chunk_rle(const uint8* src_buffer, uint8* dst_buffer, size_t length);
static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buffer, size_t length, size_t dstSize); static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buffer, size_t length, size_t dstSize);
static size_t decode_chunk_repeat(uint8 *buffer, size_t length); static size_t decode_chunk_repeat(uint8 *buffer, size_t length, size_t dstLength);
static void decode_chunk_rotate(uint8 *buffer, size_t length); static void decode_chunk_rotate(uint8 *buffer, size_t length);
static size_t encode_chunk_rle(const uint8 *src_buffer, uint8 *dst_buffer, size_t length); static size_t encode_chunk_rle(const uint8 *src_buffer, uint8 *dst_buffer, size_t length);
@ -51,7 +51,7 @@ size_t sawyercoding_read_chunk_buffer(uint8 *dst_buffer, const uint8 *src_buffer
break; break;
case CHUNK_ENCODING_RLECOMPRESSED: case CHUNK_ENCODING_RLECOMPRESSED:
chunkHeader.length = (uint32)decode_chunk_rle_with_size(src_buffer, dst_buffer, chunkHeader.length, dst_buffer_size); chunkHeader.length = (uint32)decode_chunk_rle_with_size(src_buffer, dst_buffer, chunkHeader.length, dst_buffer_size);
chunkHeader.length = (uint32)decode_chunk_repeat(dst_buffer, chunkHeader.length); chunkHeader.length = (uint32)decode_chunk_repeat(dst_buffer, chunkHeader.length, dst_buffer_size);
break; break;
case CHUNK_ENCODING_ROTATE: case CHUNK_ENCODING_ROTATE:
memcpy(dst_buffer, src_buffer, chunkHeader.length); memcpy(dst_buffer, src_buffer, chunkHeader.length);
@ -271,7 +271,7 @@ static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buf
* *
* rct2: 0x006769F1 * rct2: 0x006769F1
*/ */
static size_t decode_chunk_repeat(uint8 *buffer, size_t length) static size_t decode_chunk_repeat(uint8 *buffer, size_t length, size_t dstLength)
{ {
size_t i, count; size_t i, count;
uint8 *src, *dst, *copyOffset; uint8 *src, *dst, *copyOffset;
@ -287,6 +287,8 @@ static size_t decode_chunk_repeat(uint8 *buffer, size_t length)
} else { } else {
count = (src[i] & 7) + 1; count = (src[i] & 7) + 1;
copyOffset = dst + (sint32)(src[i] >> 3) - 32; copyOffset = dst + (sint32)(src[i] >> 3) - 32;
assert(dst + count < buffer + dstLength);
assert(copyOffset + count < src + length);
memcpy(dst, copyOffset, count); memcpy(dst, copyOffset, count);
dst = (uint8*)((uintptr_t)dst + count); dst = (uint8*)((uintptr_t)dst + count);
} }
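Review bot: The two `assert` calls added before `memcpy(dst, copyOffset, count)` in decode_chunk_repeat are the only bounds checks on values taken from the file, and a standard `assert` is removed when NDEBUG is defined, so builds compiled that way still copy unchecked. The lower bound is also left open: `copyOffset` is `dst` minus 1 to 32 bytes, so near the start of the output it can point before `buffer`, and the second assert compares it against `src + length` although it is derived from `dst` (how `src` is set up is outside the hunk, so this may compare pointers into different allocations). `dst + count < buffer + dstLength` also rejects a copy that exactly fills the destination, where `<=` looks intended. I would replace both with an unconditional check on offsets, e.g. `size_t used = (size_t)(dst - buffer), back = 32 - (size_t)(src[i] >> 3);` followed by `if (back > used || used + count > dstLength)` taking an error path. The function body starts in the previous hunk and continues past this one, so the failure return value has to be chosen against the rest of the body and the caller in sawyercoding_read_chunk_buffer.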