patch: fix buffer overflow in wdb parser

lib/dllmain.cpp

@@ -227,6 +227,10 @@ __declspec(dllexport) DWORD WINAPI Patch()
                        "\x80\x02\x00\x00\xE0\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00",
                        "\x40\x01\x00\x00\xE0\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x80\x02\x00\x00\xE0\x01\x00\x00", 24);*/
 
+  // Buffer overflow fix
+  LPVOID fread_offset = SearchPattern(dllBase, "\x24\x10\x6A\x01\x50\x51", 6);
+  freadOriginal = (freadFunction)OverwriteCall((char*)fread_offset + 6, (LPVOID)InterceptFread);
+
   return 0;
 }
 

lib/hooks.cpp

@@ -725,3 +725,14 @@ HRESULT WINAPI InterceptDirectInputCreateA(HINSTANCE hinst, DWORD dwVersion, LPD
 
   return res;
 }
+
+freadFunction freadOriginal = NULL;
+_CRTIMP size_t __cdecl InterceptFread(void *buffer, size_t size, size_t count, FILE *stream)
+{
+  if (size > 128) {
+    MessageBoxA(NULL, "Invalid name length encountered during parsing. The file may be corrupt.", "WORLD.WDB Read Error", MB_ICONERROR);
+    return -1;
+  }
+
+  return freadOriginal(buffer, size, count, stream);
+}

lib/hooks.h

@@ -1,6 +1,8 @@
 #ifndef HOOKS_H
 #define HOOKS_H
 
+#include <cstdio>
+
 #include <D3DRM.H>
 #include <DDRAW.H>
 #include <DINPUT.H>
@@ -63,4 +65,8 @@ typedef HRESULT (WINAPI *dinputCreateFunction)(HINSTANCE hinst, DWORD dwVersion,
 extern dinputCreateFunction dinputCreateOriginal;
 HRESULT WINAPI InterceptDirectInputCreateA(HINSTANCE hinst, DWORD dwVersion, LPDIRECTINPUTA *ppDI, LPUNKNOWN punkOuter);
 
+typedef _CRTIMP size_t (__cdecl *freadFunction)(void *buffer, size_t size, size_t count, FILE *stream);
+extern freadFunction freadOriginal;
+_CRTIMP size_t __cdecl InterceptFread(void *buffer, size_t size, size_t count, FILE *stream);
+
 #endif // HOOKS_H