WoWee/tools/editor/content_pack.cpp at bf8d37c14561c111fa58d00a86d8cb8e8fb95c85

mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-06-03 13:41:43 -04:00

Files

Kelsi ffc0862977 fix(wcp): cap readInfo file-list parse at 1M entries

readInfo iterated the info JSON's files array without bounding;
a malicious WCP could declare more entries than the header
fileCount allows and grow info.files unbounded. Cap to 1M
matching the header check so both readInfo callers and
--list-wcp/--info-wcp stay bounded.

2026-05-06 09:57:37 -07:00

17 KiB

Raw Blame History

View Raw

17 KiB Raw Blame History

17 KiB

Raw Blame History