Half-Life-RTX
/
xash3d-fwgs
mirror of https://github.com/w23/xash3d-fwgs
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

engine: soundlib: wav: attempt to make FindNextChunk more safe

This commit is contained in:
Alibek Omarov 2023-05-02 08:54:37 +03:00
parent 5a7b68fcc1
commit 78e239d883
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
engine/common/soundlib/snd_wav.c
View File

@ -62,11 +62,14 @@ FindNextChunk
*/ */
static void FindNextChunk( const char *name ) static void FindNextChunk( const char *name )
{ {
int remaining;
while( 1 ) while( 1 )
{ {
iff_dataPtr = iff_lastChunk; iff_dataPtr = iff_lastChunk;
remaining = iff_end - iff_dataPtr;
if( iff_dataPtr >= iff_end ) if( remaining < 8 )
{ {
// didn't find the chunk // didn't find the chunk
iff_dataPtr = NULL; iff_dataPtr = NULL;
@ -76,14 +79,24 @@ static void FindNextChunk( const char *name )
iff_dataPtr += 4; iff_dataPtr += 4;
iff_chunkLen = GetLittleLong(); iff_chunkLen = GetLittleLong();
remaining -= 8;
if( iff_chunkLen < 0 ) if( iff_chunkLen < 0 )
{ {
iff_dataPtr = NULL; iff_dataPtr = NULL;
return; return;
} }
if( iff_chunkLen > remaining )
{
iff_chunkLen = remaining;
}
remaining -= iff_chunkLen;
iff_dataPtr -= 8; iff_dataPtr -= 8;
iff_lastChunk = iff_dataPtr + 8 + ((iff_chunkLen + 1) & ~1); iff_lastChunk = iff_dataPtr + 8 + iff_chunkLen;
if( iff_chunkLen & 1 && remaining )
iff_chunkLen++;
if( !Q_strncmp( (const char *)iff_dataPtr, name, 4 )) if( !Q_strncmp( (const char *)iff_dataPtr, name, 4 ))
return; return;