lifegpc/msg-tool
1
0
Fork 0
mirror of https://github.com/lifegpc/msg-tool.git synced 2026-06-06 21:08:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix some overflow problem

Browse Source
This commit is contained in:
lifegpc
2026-04-12 00:29:11 +08:00
parent 6265c8f46b
commit 52145d7c04
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/scripts/circus/archive/dat.rs
View File

@@ -354,7 +354,7 @@ fn is_this_format_name_len(buf: &[u8], name_len: usize) -> Result<u8> {
}
let first_size = reader.cpeek_u32_at(name_len as u64)?;
let second_offset = reader.cpeek_u32_at(8 + name_len as u64 * 2)?;
if second_offset - next_offset == first_size {
if second_offset < next_offset || second_offset - next_offset == first_size {
return Err(anyhow::anyhow!("Invalid second_offset in DAT archive"));
}
for i in 0..mcount {

7
src/scripts/circus/archive/pck.rs
View File

@@ -480,7 +480,12 @@ pub fn is_this_format(buf: &[u8]) -> Result<u8> {
while index < avail_count {
let off = reader.read_u32()?;
let size = reader.read_u32()?;
if off < prev_off || prev_off + prev_size != off {
if off < prev_off
|| prev_off
.checked_add(prev_size)
.ok_or_else(|| anyhow::anyhow!("Overflow in offset calculation"))?
!= off
{
return Err(anyhow::anyhow!("Invalid offset."));
}
prev_off = off;