Skip to content

[pull] master from ladislav-zezula:master #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
pull merged 2 commits into from
Sep 15, 2025
Merged

[pull] master from ladislav-zezula:master #67

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
49b619b
Fixed https://github.com/ladislav-zezula/StormLib/issues/397 and http…
ladislav-zezula Sep 15, 2025
d1aef90
Merge pull request #399 from ladislav-zezula/LZ_FuzzingIssues
ladislav-zezula Sep 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions src/SBaseCommon.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1019,6 +1019,11 @@ void * LoadMpqTable(
return NULL;
}
}
else
{
// pocs/MPQ_2025_06_BadHashTableSize.mpq
dwCompressedSize = dwTableSize;
}

// Get the file offset from which we will read the table
// Note: According to Storm.dll from Warcraft III (version 2002),
Expand Down
5 changes: 3 additions & 2 deletions src/SBaseFileTable.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2508,7 +2508,8 @@ TMPQHetTable * LoadHetTable(TMPQArchive * ha)
TMPQHeader * pHeader = ha->pHeader;

// If the HET table position is not 0, we expect the table to be present
if(pHeader->HetTablePos64 && pHeader->HetTableSize64)
// Alsom the HET table must have a reasonable size
if(pHeader->HetTablePos64 && pHeader->HetTableSize64 && pHeader->HetTableSize64 < BET_TABLE_MAX_SIZE)
{
// Attempt to load the HET table (Hash Extended Table)
pExtTable = LoadExtTable(ha, pHeader->HetTablePos64, (size_t)pHeader->HetTableSize64, HET_TABLE_SIGNATURE, MPQ_KEY_HASH_TABLE);
Expand All @@ -2530,7 +2531,7 @@ TMPQBetTable * LoadBetTable(TMPQArchive * ha)
TMPQHeader * pHeader = ha->pHeader;

// If the BET table position is not 0, we expect the table to be present
if(pHeader->BetTablePos64 && pHeader->BetTableSize64)
if(pHeader->BetTablePos64 && pHeader->BetTableSize64 && pHeader->BetTableSize64 < BET_TABLE_MAX_SIZE)
{
// Attempt to load the HET table (Hash Extended Table)
pExtTable = LoadExtTable(ha, pHeader->BetTablePos64, (size_t)pHeader->BetTableSize64, BET_TABLE_SIGNATURE, MPQ_KEY_BLOCK_TABLE);
Expand Down
1 change: 1 addition & 0 deletions src/StormLib.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -292,6 +292,7 @@ extern "C" {
// Signatures for HET and BET table
#define HET_TABLE_SIGNATURE 0x1A544548 // 'HET\x1a'
#define BET_TABLE_SIGNATURE 0x1A544542 // 'BET\x1a'
#define BET_TABLE_MAX_SIZE 0x00100000 // Maximum acceptable size of HET&BET tables

// Decryption keys for MPQ tables
#define MPQ_KEY_HASH_TABLE 0xC3AF3770 // Obtained by HashString("(hash table)", MPQ_HASH_FILE_KEY)
Expand Down
9 changes: 6 additions & 3 deletions test/StormTest.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3960,8 +3960,8 @@ static void Test_PlayingSpace()
LPBYTE pbData;
DWORD dwFileSize = 529298;
DWORD dwBytesRead = 0;

if(SFileOpenArchive(_T("c:\\War3.mpq"), 0, 0, &hMpq))
/*
if(SFileOpenArchive(_T("e:\\2.mpq"), 0, 0, &hMpq))
{
if(SFileOpenFileEx(hMpq, "(listfile)", 0, &hFile))
{
Expand All @@ -3974,6 +3974,7 @@ static void Test_PlayingSpace()
}
SFileCloseArchive(hMpq);
}
*/
}

//-----------------------------------------------------------------------------
Expand Down Expand Up @@ -4237,7 +4238,7 @@ static const TEST_INFO1 TestList_MasterMirror[] =
static const TEST_INFO1 Test_OpenMpqs[] =
{

// PoC's by Gabe Sherman, tinh0.
// PoC's by Gabe Sherman, tinh0, Zao Yang
{_T("pocs/MPQ_2024_01_HeapOverrun.mpq"), NULL, "7008f95dcbc4e5d840830c176dec6969", 14},
{_T("pocs/MPQ_2024_02_StackOverflow.mpq"), NULL, "7093fcbcc9674b3e152e74e8e8a937bb", 4},
{_T("pocs/MPQ_2024_03_TooBigAlloc.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
Expand All @@ -4255,6 +4256,8 @@ static const TEST_INFO1 Test_OpenMpqs[] =
{_T("pocs/MPQ_2025_03_InvalidPatchInfo.mpq"), NULL, "93b885adfe0da089cdf634904fd59f71", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2025_04_InvalidArchiveSize64.mpq"), NULL, "--------------------------------", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2025_05_AddFileError.mpq"), NULL, "ce9b8afed4221a53663d391f10691ba6", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2025_06_BadHashTableSize.mpq"), NULL, "00000000000000000000000000000000", TFLG_WILL_FAIL},
{_T("pocs/MPQ_2025_07_BadHetTableSize.mpq"), NULL, "00000000000000000000000000000000", TFLG_WILL_FAIL},

// Correct or damaged archives
{_T("MPQ_1997_v1_Diablo1_DIABDAT.MPQ"), NULL, "554b538541e42170ed41cb236483489e", 2910, &TwoFilesD1}, // Base MPQ from Diablo 1
Expand Down
2 changes: 2 additions & 0 deletions test/stormlib-test-001.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ TestReadingMpq (pocs/MPQ_2025_02_SectorOffsetSizeNotAligned.mpq) succeeded.
TestReadingMpq (pocs/MPQ_2025_03_InvalidPatchInfo.mpq) succeeded.
TestReadingMpq (pocs/MPQ_2025_04_InvalidArchiveSize64.mpq) succeeded.
TestReadingMpq (pocs/MPQ_2025_05_AddFileError.mpq) succeeded.
TestReadingMpq (pocs/MPQ_2025_06_BadHashTableSize.mpq) succeeded.
TestReadingMpq (pocs/MPQ_2025_07_BadHetTableSize.mpq) succeeded.
TestReadingMpq (MPQ_1997_v1_Diablo1_DIABDAT.MPQ) succeeded.
TestReadingMpq (MPQ_1997_v1_patch_rt_SC1B.mpq) succeeded.
TestReadingMpq (MPQ_1997_v1_StarDat_SC1B.mpq) succeeded.
Expand Down
Loading