cpp/openttd-patchpack/source Changeset - r20988:f8c9190d880e

Changeset - r20988:f8c9190d880e

Parent rev.

Child rev.

[Not reviewed]

master

0 2 0

rubidium - 11 years ago 2013-11-23 13:18:29
rubidium@openttd.org

(svn r26062) -Fix: beef up checks against invalid data in highscore and language files

2 files changed with 10 insertions and 5 deletions:

src/highscore.cpp

src/strings.cpp

0 comments (0 inline, 0 general)

src/highscore.cpp

➞

Show inline comments

@@ @@ -164,10 +164,10 @@ void LoadFromHighScore() @@
 		for (i = 0; i < SP_SAVED_HIGHSCORE_END; i++) {
 			for (hs = _highscore_table[i]; hs != endof(_highscore_table[i]); hs++) {
 				byte length;
 				if (fread(&length, sizeof(length), 1, fp)       !=  1 ||
 						fread(hs->company, length, 1, fp)           >   1 || // Yes... could be 0 bytes too
 						fread(&hs->score, sizeof(hs->score), 1, fp) !=  1 ||
 						fseek(fp, 2, SEEK_CUR)                      == -1) { // XXX - placeholder for hs->title, not saved anymore; compatibility
 				if (fread(&length, sizeof(length), 1, fp)                              !=  1 ||
 						fread(hs->company, min<int>(lengthof(hs->company), length), 1, fp) >   1 || // Yes... could be 0 bytes too
 						fread(&hs->score, sizeof(hs->score), 1, fp)                        !=  1 ||
 						fseek(fp, 2, SEEK_CUR)                                             == -1) { // XXX - placeholder for hs->title, not saved anymore; compatibility
 					DEBUG(misc, 1, "Highscore corrupted");
 					i = SP_SAVED_HIGHSCORE_END;
 					break;

src/strings.cpp

➞

Show inline comments

@@ @@ -1763,7 +1763,12 @@ bool ReadLanguagePack(const LanguageMeta @@
 	uint count = 0;
 	for (uint i = 0; i < TAB_COUNT; i++) {
 		uint num = lang_pack->offsets[i];
 		uint16 num = lang_pack->offsets[i];
 		if (num > TAB_SIZE) {
 				free(lang_pack);
 				return false;
+		}
 		_langtab_start[i] = count;
 		_langtab_num[i] = num;
 		count += num;

0 comments (0 inline, 0 general)