From 7c7e36f6bee2544afdc9fe7eec12fc6beb27b880 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer
Date: Sun, 29 Jan 2023 00:53:48 +0100
Subject: [PATCH] io/region: avoid panic for invalid chunk lengths
---
 src/io/region.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/io/region.rs b/src/io/region.rs
index 1f02017..7602c62 100644
--- a/src/io/region.rs
+++ b/src/io/region.rs
@@ -26,12 +26,12 @@ fn parse_header(header: &ChunkArray) -> HashMap {
 let offset_len = u32::from_be(chunk);
 let offset = offset_len >> 8;
- if offset == 0 {
+ let len = offset_len as u8;
+
+ if offset == 0 || len == 0 {
 continue;
 }
- let len = offset_len as u8;
-
 map.insert(offset, ChunkDesc { coords, len });
 }
@@ -49,7 +49,11 @@ where
 .context("Failed to decode chunk size")?,
 ) as usize;
+ if len < 1 || len > buf.len() {
+ bail!("Invalid chunk size");
+ }
 let buf = &buf[..len];
+
 let (format, buf) = buf.split_at(1);
 if !matches!(format, [2]) {
 bail!("Unknown chunk format");
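Review bot: The widened guard `if offset == 0 || len == 0` in parse_header folds two different cases into one silent `continue` with no comment telling them apart: an entry with no offset, and an entry with a non-zero offset but a zero length, which looks like a malformed header rather than an absent chunk. I would add a comment above the condition such as `// offset == 0: slot unused; len == 0 with a non-zero offset: malformed entry, skipped rather than reported`. If the format reserves the leading sectors for the header itself (not visible in this hunk, so worth confirming), offsets pointing into that range would deserve the same skip. Two entries that carry the same offset also overwrite each other silently in `map.insert(offset, …)`. parse_header starts and ends outside the hunk.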
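Review bot: The new bounds check reports every failure as `Invalid chunk size`, so a log from a truncated or tampered region file shows neither the decoded length nor how many bytes were actually available. Since `len` appears to be decoded from the chunk data itself, I would put both values in the message: `bail!("Invalid chunk size {} (buffer holds {} bytes)", len, buf.len());`. On a `usize`, `len < 1` reads more naturally as `len == 0`, which also matches the check added in parse_header. The enclosing function starts and ends outside the hunk.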