From 4165687b9036344270342acae34fe5086b0bf949 Mon Sep 17 00:00:00 2001
From: Nick Bowler
Date: Sun, 20 May 2012 00:08:12 -0400
Subject: [PATCH] music: Check data size against actual file size.

Blindly setting the file size to something potentially larger than it seems outright silly. All this mucking about with the upkg_file struct members should probably be eliminated eventually, but may as well do it sanely for now.
---
 src/engine/music.gob | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/engine/music.gob b/src/engine/music.gob
index b4ed7d2..f0bde09 100644
--- a/src/engine/music.gob
+++ b/src/engine/music.gob
@@ -108,7 +108,6 @@ class Engine:Music from U:Object (dynamic)
 override (U:Object) int deserialize(U:Object *uo)
 {
 struct upkg_file *f = uo->pkg_file;
- Self *self = SELF(uo);
 size_t rc, pos = 0, buflen;
 unsigned char buf[32];
 long size;
@@ -130,7 +129,7 @@ class Engine:Music from U:Object (dynamic)
 }
 
 rc = upkg_decode_index(&size, buf+pos, buflen-pos);
- if (rc == 0 || size < 0)
+ if (rc == 0 || size < 0 || size > f->len - pos)
 return -1;
 
 pos += rc;
-- 
2.43.0
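Review bot: In the second hunk the new bound `size > f->len - pos` only holds if `pos` can never exceed `f->len`; `pos` is a `size_t`, so when `f->len` is unsigned (or is converted to unsigned by the subtraction) and `pos > f->len`, the difference wraps to a very large value and the check accepts any `size`. Whether that state is reachable depends on how `buflen` and `pos` are derived from the file earlier in `deserialize`, which is outside the hunk, so it is cheaper to make the ordering explicit than to rely on that invariant: `if (rc == 0 || size < 0 || pos > f->len || (size_t)size > f->len - pos)` — keeping `size < 0` ahead of the cast so the signed/unsigned comparison stays well-defined. The declared type of `f->len` is not visible in this patch; if it is a signed `long` the same form still applies, but the comparison with `pos` would then deserve a cast as well. `deserialize` begins before the first hunk and continues after the second.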