matthew/The-Powder-Toy
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Hotfix: Don't open saves larger than 200MB

Browse Source
This commit is contained in:
Simon Robertshaw 2013-11-15 14:38:22 +00:00
parent 138cb4d757
commit e1616fdd82
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/client/GameSave.cpp
View File

@ -472,8 +472,13 @@ void GameSave::readOPS(char * data, int dataLength)
bsonDataLen |= ((unsigned)inputData[9]) << 8; bsonDataLen |= ((unsigned)inputData[9]) << 8;
bsonDataLen |= ((unsigned)inputData[10]) << 16; bsonDataLen |= ((unsigned)inputData[10]) << 16;
bsonDataLen |= ((unsigned)inputData[11]) << 24; bsonDataLen |= ((unsigned)inputData[11]) << 24;
bsonData = (unsigned char*)malloc(bsonDataLen+1); //Check for overflows, don't load saves larger than 200MB
unsigned int toAlloc = bsonDataLen+1;
if(toAlloc > 209715200 || !toAlloc)
throw ParseException(ParseException::InvalidDimensions, "Save data too large, refusing");
bsonData = (unsigned char*)malloc(toAlloc);
if(!bsonData) if(!bsonData)
throw ParseException(ParseException::InternalError, "Unable to allocate memory"); throw ParseException(ParseException::InternalError, "Unable to allocate memory");
@ -1146,6 +1151,10 @@ void GameSave::readPSv(char * data, int dataLength)
i |= ((unsigned)c[9])<<8; i |= ((unsigned)c[9])<<8;
i |= ((unsigned)c[10])<<16; i |= ((unsigned)c[10])<<16;
i |= ((unsigned)c[11])<<24; i |= ((unsigned)c[11])<<24;
if(i > 209715200 || !i)
throw ParseException(ParseException::InvalidDimensions, "Save data too large");
d = (unsigned char *)malloc(i); d = (unsigned char *)malloc(i);
if (!d) if (!d)
throw ParseException(ParseException::Corrupt, "Cannot allocate memory"); throw ParseException(ParseException::Corrupt, "Cannot allocate memory");