From 0317f678fbaf8c8166c06c31c94ca52b992c1846 Mon Sep 17 00:00:00 2001 From: cutealien Date: Thu, 21 Apr 2022 20:39:31 +0000 Subject: [PATCH] Fix bounds checking in CMemoryWriteFile::seek Thanks @sfan5 for patch: https://github.com/minetest/irrlicht/commit/a3d848ff8b47bfe6b1649342a6ea54e095aa7af4 Note I also modified the bounds checks for CMemoryReadFile once more to unify it with how Minetest fixed it. Due to some strange coincidence I had run into that bug yesterday for CMemoryReadFile and fixed it without realizing a fix was also part of a bunch of patches I had gotten 3 days earlier in the forum: https://irrlicht.sourceforge.io/forum/viewtopic.php?f=2&t=52819&p=306518#p306518 git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6352 dfc29bdd-3216-0410-991c-e03cc46cb475 --- source/Irrlicht/CMemoryFile.cpp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/source/Irrlicht/CMemoryFile.cpp b/source/Irrlicht/CMemoryFile.cpp index 57064390..a2143615 100644 --- a/source/Irrlicht/CMemoryFile.cpp +++ b/source/Irrlicht/CMemoryFile.cpp @@ -52,15 +52,14 @@ bool CMemoryReadFile::seek(long finalPos, bool relativeMovement) { if (relativeMovement) { - const long newPos = Pos + finalPos; - if (newPos > Len || newPos < 0) + if (Pos + finalPos < 0 || Pos + finalPos > Len) return false; Pos += finalPos; } else { - if (finalPos > Len || finalPos < 0) + if (finalPos < 0 || finalPos > Len) return false; Pos = finalPos; @@ -134,14 +133,14 @@ bool CMemoryWriteFile::seek(long finalPos, bool relativeMovement) { if (relativeMovement) { - if (Pos + finalPos > Len) + if (Pos + finalPos < 0 || Pos + finalPos > Len) return false; Pos += finalPos; } else { - if (finalPos > Len) + if (finalPos < 0 || finalPos > Len) return false; Pos = finalPos;