From 555ac1c7f33f32de25259a97f5b049f640d6f65d Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Sat, 18 Mar 2006 22:10:05 +0000
Subject: [PATCH] fixed corrupt file loads smashing the stack added compile of support code
---
 amxmodx/CLang.cpp | 10 +++++++++-
 amxmodx/JIT/helpers-x86.obj | Bin 0 -> 381 bytes
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 amxmodx/JIT/helpers-x86.obj
diff --git a/amxmodx/CLang.cpp b/amxmodx/CLang.cpp
index 832706b2..91be2652 100755
--- a/amxmodx/CLang.cpp
+++ b/amxmodx/CLang.cpp
@@ -766,6 +766,8 @@ bool CLangMngr::LoadCache(const char *filename) return false; } + SetUnhandledExceptionFilter(NULL); + short dictCount = 0; char len = 0; char buf[255];
@@ -867,6 +869,11 @@ bool CLangMngr::Load(const char *filename)
 save = ftell(fp);
 fseek(fp, keyoffset, SEEK_SET);
 DATREAD(fread((void*)&keylen, sizeof(char), 1, fp), char);
+ //technically this isn't possible since
+ // a char will never be more than 255
+ // but it's good practice.
+ if (keylen > sizeof(keybuf))
+ return false;
 DATREAD_S(fread(keybuf, sizeof(char), keylen, fp), keylen);
 keybuf[keylen] = 0;
 _tmpkey.assign(keybuf);
@@ -902,7 +909,8 @@ bool CLangMngr::Load(const char *filename)
 save = ftell(fp);
 fseek(fp, defoffset, SEEK_SET);
 DATREAD(fread((void *)&deflen, sizeof(unsigned short), 1, fp), short);
- //:TODO: possible string overflow here.
+ if (deflen > sizeof(valbuf))
+ return false;
 DATREAD_S(fread(valbuf, sizeof(char), deflen, fp), deflen);
 valbuf[deflen] = 0;
 m_Languages[i]->AddEntry(keynum, valbuf);
diff --git a/amxmodx/JIT/helpers-x86.obj b/amxmodx/JIT/helpers-x86.obj
new file mode 100644
index 0000000000000000000000000000000000000000..d9268b7f526d8d3a53c2d1682129c26f5fef3af6
GIT binary patch literal 381 zcmeZaWMtTKQre}Pfq{V&h(SQFB(2Ad3)wFZ(taFGBYD>1jCBHp>6G`O^&Ait=D UA)b(cURq*i4u&$l)Vvf10JykGb^rhX literal 0 HcmV?d00001
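Review bot: `SetUnhandledExceptionFilter(NULL);` in `CLangMngr::LoadCache` resets the process-wide unhandled-exception filter as a side effect of reading a cache file, and neither the commit message nor the hunk says why. It discards any crash handler the host process or another module installed, and as a Win32-only call it needs a platform guard if this file is also built for other targets (not visible here). If it was a debugging aid for the stack-smash investigation, drop it; otherwise wrap it in `#if defined(_WIN32)` with a comment giving the reason. The context lines `char len = 0;` and `char buf[255];` suggest `LoadCache`, whose body continues outside the hunk, reads length-prefixed strings the same way `Load` does; if so, it needs the same bound check this commit adds there.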
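Review bot: The new bound in the `keylen` hunk of `CLangMngr::Load` is off by one: `if (keylen > sizeof(keybuf))` lets `keylen == sizeof(keybuf)` through, and the context line `keybuf[keylen] = 0;` then writes one byte past the buffer. Use `if (keylen >= sizeof(keybuf))` so there is always room for the terminator. The `deflen` check in the next hunk has the same shape (`valbuf[deflen] = 0;`) and needs `>=` too; it is the one more likely to trigger, since `deflen` is read as an unsigned short. Both early returns also leave `fp` open as far as these hunks show, so close it before returning unless cleanup happens in the part of `Load` outside the visible lines.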
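Review bot: Returning `false` at the `deflen` check abandons the load part-way: earlier iterations have presumably already passed through `m_Languages[i]->AddEntry`, so a corrupt file can leave a half-populated table behind the failure result. The loop and the callers are outside this hunk, so confirm whether a failed `Load` clears the languages; if it does not, clear them before returning and log which file was rejected. A short comment in place of the removed TODO would also help the next reader, e.g. `// deflen comes from the file; reject anything that cannot fit valbuf plus its terminator`.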