FastNBT: Added a sanity check for number of list items.
Fixes CID 55812.
This commit is contained in:
parent
afdd53729c
commit
e192da5316
@ -10,6 +10,13 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
/** If a list being loaded has more than this number of items, it's considered corrupted. */
|
||||||
|
static const int MAX_LIST_ITEMS = 10000;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// The number of NBT tags that are reserved when an NBT parsing is started.
|
// The number of NBT tags that are reserved when an NBT parsing is started.
|
||||||
// You can override this by using a cmdline define
|
// You can override this by using a cmdline define
|
||||||
#ifndef NBT_RESERVE_SIZE
|
#ifndef NBT_RESERVE_SIZE
|
||||||
@ -142,7 +149,7 @@ bool cParsedNBT::ReadList(eTagType a_ChildrenType)
|
|||||||
NEEDBYTES(4);
|
NEEDBYTES(4);
|
||||||
int Count = GetBEInt(m_Data + m_Pos);
|
int Count = GetBEInt(m_Data + m_Pos);
|
||||||
m_Pos += 4;
|
m_Pos += 4;
|
||||||
if (Count < 0)
|
if ((Count < 0) || (Count > MAX_LIST_ITEMS))
|
||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user