phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-05-08 01:53:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix(wcp): cap readInfo file-list parse at 1M entries

Browse source 
readInfo iterated the info JSON's files array without bounding;
a malicious WCP could declare more entries than the header
fileCount allows and grow info.files unbounded. Cap to 1M
matching the header check so both readInfo callers and
--list-wcp/--info-wcp stay bounded.
This commit is contained in:
Kelsi 2026-05-06 09:57:37 -07:00
parent bd97470929
commit ffc0862977
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tools/editor/content_pack.cpp
View file

@ -288,7 +288,12 @@ bool ContentPacker::readInfo(const std::string& wcpPath, ContentPackInfo& info)
info.mapId = j.value("mapId", 9000u);
info.files.clear();
if (j.contains("files") && j["files"].is_array()) {
// Same cap as the header fileCount — info JSON could declare
// more entries than the header, so this defends both readInfo
// callers and the listing CLI from runaway memory use.
constexpr size_t kMaxFiles = 1'000'000;
for (const auto& jf : j["files"]) {
if (info.files.size() >= kMaxFiles) break;
ContentPackInfo::FileEntry fe;
fe.path = jf.value("path", "");
fe.size = jf.value("size", 0ULL);