Changeset - r20996:741ab417bbc0
master
0 1 0
rubidium - 11 years ago 2013-11-23 18:11:01
rubidium@openttd.org
(svn r26070) -Fix: prevent extremely huge size for data (1+GiB)
1 file changed with 8 insertions and 1 deletions:
src/newgrf_config.cpp
 
@@ -335,7 +335,14 @@ size_t GRFGetSizeOfDataSection(FILE *f)
 
	if (fread(data, 1, header_len, f) == header_len) {
 
		if (data[0] == 0 && data[1] == 0 && MemCmpT(data + 2, _grf_cont_v2_sig, 8) == 0) {
 
			/* Valid container version 2, get data section size. */
 
			size_t offset = (data[13] << 24) | (data[12] << 16) | (data[11] << 8) | data[10];
 
			size_t offset = ((size_t)data[13] << 24) | ((size_t)data[12] << 16) | ((size_t)data[11] << 8) | (size_t)data[10];
 
			if (offset >= 1 * 1024 * 1024 * 1024) {
 
				DEBUG(grf, 0, "Unexpectedly large offset for NewGRF");
 
				/* Having more than 1 GiB of data is very implausible. Mostly because then
 
				 * all pools in OpenTTD are flooded already. Or it's just Action C all over.
 
				 * In any case, the offsets to graphics will likely not work either. */
 
				return SIZE_MAX;
 
			}
 
			return header_len + offset;
 
		}
 
	}
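Review bot: The new `(size_t)` casts on the `offset` assembly line only make the 1 GiB limit meaningful if `data` is an unsigned byte array; `data` is declared outside this hunk, and if its element type were plain `char` (signed on most targets) every byte >= 0x80 would sign-extend into a huge `size_t` and the new check would reject otherwise valid files — worth confirming the declaration is `byte`/`uint8`, or making the intent explicit with `(size_t)(uint8)data[13]`. The threshold `1 * 1024 * 1024 * 1024` is a magic number at the point of use; a named constant such as `static const size_t MAX_GRF_DATA_SECTION_SIZE = 1 << 30; /* anything larger is implausible, see comment below */` would make the limit discoverable. The `DEBUG` line drops the offending value, which is what someone triaging a rejected NewGRF needs; logging the decoded offset (and ideally the file) alongside the message would cost nothing. `SIZE_MAX` is being used as an error sentinel returned to the caller, so the function's doc comment (outside the hunk) should state that callers must test for it rather than use it as a size. GRFGetSizeOfDataSection begins before this hunk.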