File tree Expand file tree Collapse file tree 1 file changed +5
-1
lines changed
Expand file tree Collapse file tree 1 file changed +5
-1
lines changed Original file line number Diff line number Diff line change @@ -241,6 +241,8 @@ BOOL MMCMP_Unpack(LPCBYTE *ppMemFile, LPDWORD pdwMemLength)
241241 bb.bitbuffer = 0 ;
242242 bb.pSrc = lpMemFile+dwMemPos+pblk->tt_entries ;
243243 bb.pEnd = lpMemFile+dwMemPos+pblk->pk_size ;
244+ if (bb.pEnd > lpMemFile+dwMemLength)
245+ bb.pEnd = lpMemFile+dwMemLength;
244246 while (subblk < pblk->sub_blk )
245247 {
246248 UINT newval = 0x10000 ;
@@ -321,6 +323,8 @@ BOOL MMCMP_Unpack(LPCBYTE *ppMemFile, LPDWORD pdwMemLength)
321323 bb.bitbuffer = 0 ;
322324 bb.pSrc = lpMemFile+dwMemPos+pblk->tt_entries ;
323325 bb.pEnd = lpMemFile+dwMemPos+pblk->pk_size ;
326+ if (bb.pEnd > lpMemFile+dwMemLength)
327+ bb.pEnd = lpMemFile+dwMemLength;
324328 while (subblk < pblk->sub_blk )
325329 {
326330 UINT newval = 0x100 ;
@@ -353,7 +357,7 @@ BOOL MMCMP_Unpack(LPCBYTE *ppMemFile, LPDWORD pdwMemLength)
353357 {
354358 newval = d;
355359 }
356- if (newval < 0x100 && dwPos < dwSize)
360+ if (newval < 0x100 && dwPos < dwSize && dwMemPos < dwMemLength - newval )
357361 {
358362 int n = ptable[newval];
359363 if (pblk->flags & MMCMP_DELTA)
You can’t perform that action at this time.
0 commit comments