
Fixed String Parsing crash bug

Check string length against actual remaining data, not an arbitrary constant
tycho 2015-12-18 12:08:55 +01:00
parent eb87214f6d
commit 9e6161305d


@ -91,11 +91,7 @@ bool cParsedNBT::ReadString(size_t & a_StringStart, size_t & a_StringLen)
NEEDBYTES(2); NEEDBYTES(2);
a_StringStart = m_Pos + 2; a_StringStart = m_Pos + 2;
a_StringLen = static_cast<size_t>(GetBEShort(m_Data + m_Pos)); a_StringLen = static_cast<size_t>(GetBEShort(m_Data + m_Pos));
if (a_StringLen > 0xffff) NEEDBYTES(a_StringLen);
{
// Suspicious string length
return false;
}
m_Pos += 2 + a_StringLen; m_Pos += 2 + a_StringLen;
return true; return true;
} }
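Review bot: The new `NEEDBYTES(a_StringLen);` leaves the two length-prefix bytes out of the bound: m_Pos has not been advanced when it runs, while the string itself spans m_Pos + 2 to m_Pos + 2 + a_StringLen. If NEEDBYTES compares its argument with the bytes remaining from m_Pos (the macro is defined outside this hunk), a truncated buffer can pass the check with the last two bytes of the string lying beyond the data, and callers using a_StringStart and a_StringLen would then read past the end. The check should be `NEEDBYTES(2 + a_StringLen);`. If GetBEShort returns a signed short, a negative length converts to a very large size_t and that addition can wrap, so the length is better narrowed through an unsigned 16-bit type first, e.g. `a_StringLen = static_cast<unsigned short>(GetBEShort(m_Data + m_Pos));`.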