From de740535fe9e74efb40e336501ae606ac1b261de Mon Sep 17 00:00:00 2001
From: Flyinghead
Date: Sun, 19 Feb 2023 18:55:02 +0100
Subject: [PATCH] Avoid huffman tree buffer overrun in huffman_import_tree_rle

Issue #90
---
 src/libchdr_huffman.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libchdr_huffman.c b/src/libchdr_huffman.c
index 45c02d8..5162b95 100644
--- a/src/libchdr_huffman.c
+++ b/src/libchdr_huffman.c
@@ -212,6 +212,8 @@ enum huffman_error huffman_import_tree_rle(struct huffman_decoder* decoder, stru
 else
 {
 int repcount = bitstream_read(bitbuf, numbits) + 3;
+ if (repcount + curnode > decoder->numcodes)
+ return HUFFERR_INVALID_DATA;
 while (repcount--)
 decoder->huffnode[curnode++].numbits = nodebits;
 }
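Review bot: The added guard `repcount + curnode > decoder->numcodes` compares values whose declarations are outside this hunk; if `numcodes` is unsigned while `curnode` and `repcount` are `int`, the sum is converted to unsigned before the comparison, which is correct only while both operands are non-negative. Since `repcount` is read from the compressed stream, a short comment above the check such as `/* run length comes from untrusted input; reject runs that extend past the node table */` would record why it exists, and phrasing it as remaining space, `if (repcount > (int)decoder->numcodes - curnode)`, would keep the arithmetic in one signedness (this assumes `numcodes` fits in `int`, which should be confirmed against the struct definition). The function body begins and ends outside the hunk, so it cannot be confirmed from here that the single-node branch preceding this `else` is bounded the same way; a regression test that decodes a tree whose final run crosses `numcodes` and expects `HUFFERR_INVALID_DATA` would pin the behaviour.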