From 47ced7dec4fc99dbb98a0630f76952841a80ea67 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 16 Apr 2021 18:33:12 +0200
Subject: [PATCH] Add some validation for bsa parsing This should fix #5955
---
 components/bsa/bsa_file.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/components/bsa/bsa_file.cpp b/components/bsa/bsa_file.cpp
index ef49a60d2..ec455ea1f 100644
--- a/components/bsa/bsa_file.cpp
+++ b/components/bsa/bsa_file.cpp
@@ -168,6 +168,14 @@ void BSAFile::readHeader()
 fs.setNameInfos(namesOffset, &mStringBuf);
 fs.hash = hashes[i];
+ if (namesOffset >= mStringBuf.size()) {
+ fail("Archive contains names offset outside itself");
+ }
+ const void* end = std::memchr(fs.name(), '\0', mStringBuf.size()-namesOffset);
+ if (!end) {
+ fail("Archive contains non-zero terminated string");
+ }
+ endOfNameBuffer = std::max(endOfNameBuffer, namesOffset + std::strlen(fs.name())+1);
 assert(endOfNameBuffer <= mStringBuf.size());
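Review bot: The bounded `std::memchr` result is used only as a null test, and the `endOfNameBuffer` line right after the checks scans the same name again with the unbounded `std::strlen(fs.name())`. Deriving the length from the bounded scan would keep the validated extent and the recorded extent in one place: take `const char* end = static_cast<const char*>(std::memchr(fs.name(), '\0', mStringBuf.size()-namesOffset));` and use `namesOffset + (end - fs.name()) + 1` (assuming `fs.name()` returns `const char*`, which is not visible here). Both checks are only safe if `fail()` never returns, because otherwise `mStringBuf.size()-namesOffset` would wrap for an out-of-range offset; a short comment such as `// fail() does not return; the subtraction below relies on the range check above` would make that dependency explicit. The trailing `assert` is compiled out under `NDEBUG`, so a comment noting that the runtime checks are the actual validation would stop it being mistaken for one. `readHeader()` starts and ends outside this hunk.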