Add negative length checks during deserialization

UnderminersTeam / UndertaleModTool

The most complete tool for modding, decompiling and unpacking Undertale (and other GameMaker games!)

GNU General Public License v3.0

1.19k stars 233 forks source link

Add negative length checks during deserialization #1885

Closed colinator27 closed 3 months ago

colinator27 commented 3 months ago

Description

Added more safety checks to binary readers, and to deserialization in general (preventing unintended negative lengths/jumps that could lead to infinite loops).

Caveats

None that I can think of, unless new bugs are accidentally introduced.

Notes

Split up from previous serialization cleanup/optimization PR.

Miepee commented 3 months ago

conflicts

github-actions[bot] commented 3 months ago

Download the artifacts for this pull request here:

GUI:

GUI-windows-latest-isBundled-false-isSingleFile-false
GUI-windows-latest-isBundled-false-isSingleFile-true

CLI:

CLI-ubuntu-latest-isBundled-false
CLI-macOS-latest-isBundled-false
CLI-windows-latest-isBundled-false