From d51ad3e7693856f6022f9060d9bf741c9c06f75e Mon Sep 17 00:00:00 2001
From: Aaron Kimbrell
Date: Tue, 31 Mar 2026 04:45:15 -0500
Subject: [PATCH] Update dZoneManager/Raw.cpp

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 dZoneManager/Raw.cpp | 34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

diff --git a/dZoneManager/Raw.cpp b/dZoneManager/Raw.cpp
index b9f2ae01..ed5115c3 100644
--- a/dZoneManager/Raw.cpp
+++ b/dZoneManager/Raw.cpp
@@ -93,10 +93,40 @@ namespace Raw {
 }
 // Read heightmap
- uint32_t heightMapSize = chunk.width * chunk.height;
+ const size_t width = static_cast(chunk.width);
+ const size_t height = static_cast(chunk.height);
+
+ if (width == 0 || height == 0) {
+ LOG("Chunk %u has invalid heightmap dimensions: width=%zu, height=%zu", chunk.id, width, height);
+ return false;
+ }
+
+ if (width > kMaxResolution || height > kMaxResolution) {
+ LOG("Chunk %u heightmap dimensions exceed maximum resolution %u: width=%zu, height=%zu", chunk.id, kMaxResolution, width, height);
+ return false;
+ }
+
+ if (height != 0 && width > std::numeric_limits::max() / height) {
+ LOG("Chunk %u heightmap size multiplication overflows: width=%zu, height=%zu", chunk.id, width, height);
+ return false;
+ }
+
+ const size_t heightMapSize = width * height;
+ const size_t elementSize = sizeof(chunk.heightMap[0]);
+
+ if (elementSize != 0 && heightMapSize > std::numeric_limits::max() / elementSize) {
+ LOG("Chunk %u heightmap byte size overflows: elements=%zu, elementSize=%zu", chunk.id, heightMapSize, elementSize);
+ return false;
+ }
+
+ const size_t totalBytes = heightMapSize * elementSize;
+ if (totalBytes == 0 || totalBytes > kMaxBlobBytes) {
+ LOG("Chunk %u heightmap total size invalid: bytes=%zu (max %zu)", chunk.id, totalBytes, kMaxBlobBytes);
+ return false;
+ }
 chunk.heightMap.resize(heightMapSize);
- for (uint32_t i = 0; i < heightMapSize; ++i) {
+ for (size_t i = 0; i < heightMapSize; ++i) {
 BinaryIO::BinaryRead(stream, chunk.heightMap[i]);
 }
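Review bot: The read loop at the end of the hunk never checks the stream after `BinaryIO::BinaryRead(stream, chunk.heightMap[i])`, so a file whose declared width and height pass every new bound but whose data ends early is still accepted: `resize` allocates the full declared size and the unread tail keeps whatever `resize` left there. Assuming `stream` is a `std::istream`, test it once after the loop, e.g. `if (!stream) { LOG("Chunk %u heightmap truncated", chunk.id); return false; }`, unless the part of the function outside this hunk already does so. Separately, `height != 0 &&`, `elementSize != 0 &&` and `totalBytes == 0` can never change the outcome after the zero-dimension return above them and could be dropped. The patch also uses `std::numeric_limits` without adding `#include <limits>` in any visible hunk, so confirm Raw.cpp already includes it rather than relying on a transitive include. The enclosing function starts and ends outside the hunk.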