mirror of https://github.com/OpenRCT2/OpenRCT2.git
Validate more inputs to SawyerChunk handlers
parent
dabc52b036
commit
e9e37d2aac
|
@ -82,6 +82,7 @@ std::shared_ptr<SawyerChunk> SawyerChunkReader::ReadChunk()
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t uncompressedLength = sawyercoding_read_chunk_buffer(buffer, compressedData.get(), header, bufferSize);
|
size_t uncompressedLength = sawyercoding_read_chunk_buffer(buffer, compressedData.get(), header, bufferSize);
|
||||||
|
Guard::Assert(uncompressedLength != 0, "Encountered zero-sized chunk!");
|
||||||
buffer = Memory::Reallocate(buffer, uncompressedLength);
|
buffer = Memory::Reallocate(buffer, uncompressedLength);
|
||||||
if (buffer == nullptr)
|
if (buffer == nullptr)
|
||||||
{
|
{
|
||||||
|
|
|
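Review bot: A zero-length chunk is a property of the file being read, so the added `Guard::Assert(uncompressedLength != 0, ...)` before `Memory::Reallocate` treats malformed input as a programmer error. Depending on how Guard::Assert is built (not visible here), a crafted file either stops the process or, if the check is compiled out, reaches a zero-size reallocation whose result may be indistinguishable from allocation failure in the `if (buffer == nullptr)` branch that follows. An explicit runtime check that releases the buffer and fails the read through the reader's normal corrupt-data path would be safer, for example `if (uncompressedLength == 0) { Memory::Free(buffer); /* report corrupt chunk */ }`. ReadChunk starts and ends outside this hunk, so the exact error path to use has to be confirmed against the rest of the function.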
@ -21,7 +21,7 @@
|
||||||
|
|
||||||
static size_t decode_chunk_rle(const uint8* src_buffer, uint8* dst_buffer, size_t length);
|
static size_t decode_chunk_rle(const uint8* src_buffer, uint8* dst_buffer, size_t length);
|
||||||
static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buffer, size_t length, size_t dstSize);
|
static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buffer, size_t length, size_t dstSize);
|
||||||
static size_t decode_chunk_repeat(uint8 *buffer, size_t length);
|
static size_t decode_chunk_repeat(uint8 *buffer, size_t length, size_t dstLength);
|
||||||
static void decode_chunk_rotate(uint8 *buffer, size_t length);
|
static void decode_chunk_rotate(uint8 *buffer, size_t length);
|
||||||
|
|
||||||
static size_t encode_chunk_rle(const uint8 *src_buffer, uint8 *dst_buffer, size_t length);
|
static size_t encode_chunk_rle(const uint8 *src_buffer, uint8 *dst_buffer, size_t length);
|
||||||
|
@ -51,7 +51,7 @@ size_t sawyercoding_read_chunk_buffer(uint8 *dst_buffer, const uint8 *src_buffer
|
||||||
break;
|
break;
|
||||||
case CHUNK_ENCODING_RLECOMPRESSED:
|
case CHUNK_ENCODING_RLECOMPRESSED:
|
||||||
chunkHeader.length = (uint32)decode_chunk_rle_with_size(src_buffer, dst_buffer, chunkHeader.length, dst_buffer_size);
|
chunkHeader.length = (uint32)decode_chunk_rle_with_size(src_buffer, dst_buffer, chunkHeader.length, dst_buffer_size);
|
||||||
chunkHeader.length = (uint32)decode_chunk_repeat(dst_buffer, chunkHeader.length);
|
chunkHeader.length = (uint32)decode_chunk_repeat(dst_buffer, chunkHeader.length, dst_buffer_size);
|
||||||
break;
|
break;
|
||||||
case CHUNK_ENCODING_ROTATE:
|
case CHUNK_ENCODING_ROTATE:
|
||||||
memcpy(dst_buffer, src_buffer, chunkHeader.length);
|
memcpy(dst_buffer, src_buffer, chunkHeader.length);
|
||||||
|
@ -271,7 +271,7 @@ static size_t decode_chunk_rle_with_size(const uint8* src_buffer, uint8* dst_buf
|
||||||
*
|
*
|
||||||
* rct2: 0x006769F1
|
* rct2: 0x006769F1
|
||||||
*/
|
*/
|
||||||
static size_t decode_chunk_repeat(uint8 *buffer, size_t length)
|
static size_t decode_chunk_repeat(uint8 *buffer, size_t length, size_t dstLength)
|
||||||
{
|
{
|
||||||
size_t i, count;
|
size_t i, count;
|
||||||
uint8 *src, *dst, *copyOffset;
|
uint8 *src, *dst, *copyOffset;
|
||||||
|
@ -287,6 +287,8 @@ static size_t decode_chunk_repeat(uint8 *buffer, size_t length)
|
||||||
} else {
|
} else {
|
||||||
count = (src[i] & 7) + 1;
|
count = (src[i] & 7) + 1;
|
||||||
copyOffset = dst + (sint32)(src[i] >> 3) - 32;
|
copyOffset = dst + (sint32)(src[i] >> 3) - 32;
|
||||||
|
assert(dst + count < buffer + dstLength);
|
||||||
|
assert(copyOffset + count < src + length);
|
||||||
memcpy(dst, copyOffset, count);
|
memcpy(dst, copyOffset, count);
|
||||||
dst = (uint8*)((uintptr_t)dst + count);
|
dst = (uint8*)((uintptr_t)dst + count);
|
||||||
}
|
}
|
||||||
|
|
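Review bot: The two `assert` lines added before `memcpy(dst, copyOffset, count)` in decode_chunk_repeat are the only bounds checks on file-controlled values, and plain `assert` is removed when NDEBUG is defined, so a release build would copy unchecked. The lower bound is also missing: `copyOffset` is `dst` minus 1 to 32 bytes, so near the start of the output it can point before `buffer`, and neither assert catches that. The second assert compares `copyOffset`, which is derived from `dst`, against `src + length`; if `src` is a separate copy of the input (its setup is outside the hunk), that comparison does not bound the read at all. Consider an always-on check on offsets rather than pointers, `if (copyOffset < buffer || count > dstLength - (size_t)(dst - buffer))`, followed by a failure return. The strict `<` in the first assert also rejects a copy that ends exactly at `buffer + dstLength`.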