From 64b85ff9ff9560623056c89a54bb31bce2e0d833 Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Wed, 6 May 2026 09:31:36 -0700
Subject: [PATCH] fix(whm): reject load on overlong per-chunk alphaSize
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Same load-desync pattern as elsewhere — alphaSize > 65536 silently skipped the read but the actual alpha bytes were still on disk, so the next chunk's baseHeight float read would parse alpha bytes. Now rejects the load with LOG_ERROR.
---
 src/pipeline/wowee_terrain_loader.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/pipeline/wowee_terrain_loader.cpp b/src/pipeline/wowee_terrain_loader.cpp
index 9ab6e101..c0b5de3a 100644
--- a/src/pipeline/wowee_terrain_loader.cpp
+++ b/src/pipeline/wowee_terrain_loader.cpp
@@ -58,9 +58,17 @@ bool WoweeTerrainLoader::loadHeightmap(const std::string& whmPath, ADTTerrain& t
 if (!std::isfinite(h)) h = 0.0f;
 }
- // Read alpha map data (may not be present in older WHM files)
+ // Read alpha map data (may not be present in older WHM files).
+ // Reject overlong alphaSize to keep the per-chunk block alignment —
+ // skipping a 100MB alpha block would leave the next chunk's
+ // baseHeight read parsing alpha bytes as floats.
 uint32_t alphaSize = 0;
- if (f.read(reinterpret_cast(&alphaSize), 4) && alphaSize > 0 && alphaSize <= 65536) {
+ if (f.read(reinterpret_cast(&alphaSize), 4) && alphaSize > 0) {
+ if (alphaSize > 65536) {
+ LOG_ERROR("WHM chunk ", ci, " alphaSize rejected (",
+ alphaSize, "): ", whmPath);
+ return false;
+ }
 chunk.alphaMap.resize(alphaSize);
 f.read(reinterpret_cast(chunk.alphaMap.data()), alphaSize);
 }
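Review bot: The payload read `f.read(..., alphaSize)` on the last lines of the hunk is still unchecked. A file that declares an in-range alphaSize but is truncated leaves `chunk.alphaMap` partly zero-filled from `resize` and the stream in a failed state, and the loader carries on instead of rejecting the file as the new oversize branch does. Treating a short read the same way would close that gap: follow the read with `if (!f) { LOG_ERROR("WHM chunk ", ci, " alpha data truncated: ", whmPath); return false; }`. This assumes `f` is a std::istream-style stream, which its use in the `&&` condition suggests. loadHeightmap starts and ends outside the hunk, so whether later code already checks the stream state is not visible here.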