GitList

@@ -385,11 +385,18 @@ int mew_lzma(char *orgsource, const char *buf, uint32_t size_sum, uint32_t vma,
 		if (!special)
 		{
 			source = pushed_ebx;
+			if (!CLI_ISCONTAINED(orgsource, size_sum, source, 16))
+				return -1;
+
 			if (cli_readint32(source) == 0)
 			{
 				return 0;
 			}
+		} else {
+			if (!CLI_ISCONTAINED(orgsource, size_sum, source, 12))
+				return -1;
 		}
+
 		var28 = cli_readint32 (source);
 		source += 4;
 		temp = cli_readint32 (source) - vma;

...	...	@@ -385,11 +385,18 @@ int mew_lzma(char orgsource, const char buf, uint32_t size_sum, uint32_t vma,
385	385	if (!special)
386	386	{
387	387	source = pushed_ebx;
	388	+ if (!CLI_ISCONTAINED(orgsource, size_sum, source, 16))
	389	+ return -1;
	390	+
388	391	if (cli_readint32(source) == 0)
389	392	{
390	393	return 0;
391	394	}
	395	+ } else {
	396	+ if (!CLI_ISCONTAINED(orgsource, size_sum, source, 12))
	397	+ return -1;
392	398	}
	399	+
393	400	var28 = cli_readint32 (source);
394	401	source += 4;
395	402	temp = cli_readint32 (source) - vma;

bb#11514 - fixed mew source read issue