From e76f5b98c8a90765089ae4ede077a50e1ac5abcb Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Wed, 5 Apr 2023 22:31:37 +0200
Subject: [PATCH] CLZSS: Fix bug causing iterator to go out of bounds

Check if 'position' exceeds buffer size.
---
 r5dev/tier1/lzss.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/r5dev/tier1/lzss.cpp b/r5dev/tier1/lzss.cpp
index 4294f059..d9f9f39e 100644
--- a/r5dev/tier1/lzss.cpp
+++ b/r5dev/tier1/lzss.cpp
@@ -329,13 +329,15 @@ unsigned int CLZSS::SafeUncompress( unsigned char *pInput, unsigned char *pOutpu
 {
 break;
 }
- unsigned char *pSource = pOutput - position - 1;
- if ( totalBytes + count > unBufSize )
+ if ( position > totalBytes || // out of bounds
+ totalBytes + count > unBufSize )
 {
 return 0;
 }
+ unsigned char* pSource = pOutput - position - 1;
+
 for ( int i=0; i