Avoid engine execution with corrupted video files (#7427)

ihhub · Jul 19, 2023 · 52f6cf2 · 52f6cf2
1 parent bc44624
commit 52f6cf2
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 8 deletions.
diff --git a/VisualStudio/fheroes2/sources.props b/VisualStudio/fheroes2/sources.props
@@ -234,6 +234,7 @@
     <ClInclude Include="src\engine\core.h" />
     <ClInclude Include="src\engine\dir.h" />
     <ClInclude Include="src\engine\endian_h2.h" />
+    <ClInclude Include="src\engine\exception.h" />
     <ClInclude Include="src\engine\h2d_file.h" />
     <ClInclude Include="src\engine\image.h" />
     <ClInclude Include="src\engine\image_palette.h" />

diff --git a/src/engine/exception.h b/src/engine/exception.h
@@ -0,0 +1,31 @@
+/***************************************************************************
+ *   fheroes2: https://github.com/ihhub/fheroes2                           *
+ *   Copyright (C) 2023                                                    *
+ *                                                                         *
+ *   This program is free software; you can redistribute it and/or modify  *
+ *   it under the terms of the GNU General Public License as published by  *
+ *   the Free Software Foundation; either version 2 of the License, or     *
+ *   (at your option) any later version.                                   *
+ *                                                                         *
+ *   This program is distributed in the hope that it will be useful,       *
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ *   GNU General Public License for more details.                          *
+ *                                                                         *
+ *   You should have received a copy of the GNU General Public License     *
+ *   along with this program; if not, write to the                         *
+ *   Free Software Foundation, Inc.,                                       *
+ *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ ***************************************************************************/
+
+#pragma once
+
+#include <stdexcept>
+
+namespace fheroes2
+{
+    class InvalidDataResources : public std::logic_error
+    {
+        using std::logic_error::logic_error;
+    };
+}
diff --git a/src/engine/smk_decoder.cpp b/src/engine/smk_decoder.cpp
@@ -18,20 +18,47 @@
  *   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
  ***************************************************************************/
 
+#include "smk_decoder.h"
+
 #include <algorithm>
 #include <cassert>
 #include <cstdint>
+#include <cstdio>
 #include <cstring>
+#include <functional>
 #include <memory>
 
+#include "exception.h"
 #include "image.h"
 #include "serialize.h"
 #include "smacker.h"
-#include "smk_decoder.h"
 
 namespace
 {
     const size_t audioHeaderSize = 44;
+
+    void verifyVideoFile( const std::string & filePath )
+    {
+        if ( filePath.empty() ) {
+            // Why are you trying to even play a file from an empty path?
+            assert( 0 );
+            return;
+        }
+
+        // Verify that the file is valid. We use C-code on purpose since libsmacker library does the same.
+        std::unique_ptr<std::FILE, std::function<int( std::FILE * )>> file( std::fopen( filePath.c_str(), "rb" ), std::fclose );
+        if ( file == nullptr ) {
+            return;
+        }
+
+        std::fseek( file.get(), 0, SEEK_END );
+        const size_t fileSize = std::ftell( file.get() );
+
+        // According to https://wiki.multimedia.cx/index.php/Smacker the minimum size of a file must be 56 bytes.
+        if ( fileSize < 56 ) {
+            throw fheroes2::InvalidDataResources( "Video file " + filePath + " is being corrupted. Make sure that you own an official version of the game." );
+        }
+    }
 }
 
 SMKVideoSequence::SMKVideoSequence( const std::string & filePath )
@@ -43,6 +70,8 @@ SMKVideoSequence::SMKVideoSequence( const std::string & filePath )
     , _currentFrameId( 0 )
     , _videoFile( nullptr )
 {
+    verifyVideoFile( filePath );
+
     _videoFile = smk_open_file( filePath.c_str(), SMK_MODE_MEMORY );
     if ( _videoFile == nullptr )
         return;

diff --git a/src/fheroes2/agg/agg_image.cpp b/src/fheroes2/agg/agg_image.cpp
@@ -38,6 +38,7 @@
 #include "agg.h"
 #include "agg_file.h"
 #include "battle_cell.h"
+#include "exception.h"
 #include "h2d.h"
 #include "icn.h"
 #include "image.h"

diff --git a/src/fheroes2/agg/agg_image.h b/src/fheroes2/agg/agg_image.h
@@ -21,8 +21,6 @@
 #pragma once
 
 #include <cstdint>
-#include <stdexcept>
-#include <string>
 
 namespace fheroes2
 {
@@ -52,9 +50,4 @@ namespace fheroes2
         // This function must be called only at the type of setting up a new language.
         void updateLanguageDependentResources( const SupportedLanguage language, const bool loadOriginalAlphabet );
     }
-
-    class InvalidDataResources : public std::logic_error
-    {
-        using std::logic_error::logic_error;
-    };
 }
diff --git a/src/fheroes2/game/fheroes2.cpp b/src/fheroes2/game/fheroes2.cpp
@@ -54,6 +54,7 @@
 #include "cursor.h"
 #include "dir.h"
 #include "embedded_image.h"
+#include "exception.h"
 #include "game.h"
 #include "game_logo.h"
 #include "game_video.h"