From d557ca2dfba5ffcca99ceb41b07d149f871964b5 Mon Sep 17 00:00:00 2001
From: Loki Rautio <lokirautio@gmail.com>
Date: Mon, 9 Mar 2026 04:45:14 -0500
Subject: LCEMP RCE fixes

Based on commit d017bfc30a68888bf5c79b23cf5c4f607cf828bf
---
 Minecraft.World/ByteArrayOutputStream.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'Minecraft.World/ByteArrayOutputStream.cpp')

diff --git a/Minecraft.World/ByteArrayOutputStream.cpp b/Minecraft.World/ByteArrayOutputStream.cpp
index a9f36e04..a6fdad8f 100644
--- a/Minecraft.World/ByteArrayOutputStream.cpp
+++ b/Minecraft.World/ByteArrayOutputStream.cpp
@@ -53,9 +53,25 @@ void ByteArrayOutputStream::write(byteArray b, unsigned int offset, unsigned int
 {
 	assert( b.length >= offset + length );
 
+	if (offset > b.length || length > b.length - offset)
+    {
+        return;
+    }
+
+    if (length > 0xFFFFFFFF - count)
+    {
+        return;
+
 	// If we will fill the buffer we need to make it bigger
 	if( count + length >=  buf.length )
-		buf.resize( max( count + length + 1, buf.length * 2 ) );
+    {
+        unsigned int newSize = (std::max)(count + length + 1, buf.length * 2);
+        if (newSize <= buf.length)
+        {
+            return;
+        }
+        buf.resize(newSize);
+    }
 
 	XMemCpy( &buf[count], &b[offset], length );
 	//std::copy( b->data+offset, b->data+offset+length, buf->data + count ); // Or this instead?
-- 
cgit v1.2.3