From 3f55e5364e69c0ce4d0011371afbad4153fc073e Mon Sep 17 00:00:00 2001
From: frosch <frosch@openttd.org>
Date: Sat, 9 May 2015 10:04:50 +0000
Subject: (svn r27278) -Fix: Handle savegames with an unexpected amount of
 industry-builder or NewGRF entity-mapping more gracefully.

---
 src/saveload/industry_sl.cpp | 10 ++++------
 src/saveload/newgrf_sl.cpp   |  2 +-
 src/saveload/saveload.cpp    |  2 ++
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/saveload/industry_sl.cpp b/src/saveload/industry_sl.cpp
index 658cfd2bd..34e857c6f 100644
--- a/src/saveload/industry_sl.cpp
+++ b/src/saveload/industry_sl.cpp
@@ -160,14 +160,12 @@ static void Save_ITBL()
 /** Load industry-type build data. */
 static void Load_ITBL()
 {
+	_industry_builder.Reset();
 	int index;
-	for (int i = 0; i < NUM_INDUSTRYTYPES; i++) {
-		index = SlIterateArray();
-		assert(index == i);
-		SlObject(_industry_builder.builddata + i, _industrytype_builder_desc);
+	while ((index = SlIterateArray()) != -1) {
+		if ((uint)index >= NUM_INDUSTRYTYPES) SlErrorCorrupt("Too many industry builder datas");
+		SlObject(_industry_builder.builddata + index, _industrytype_builder_desc);
 	}
-	index = SlIterateArray();
-	assert(index == -1);
 }
 
 extern const ChunkHandler _industry_chunk_handlers[] = {
diff --git a/src/saveload/newgrf_sl.cpp b/src/saveload/newgrf_sl.cpp
index cdfd0f317..dacc127ea 100644
--- a/src/saveload/newgrf_sl.cpp
+++ b/src/saveload/newgrf_sl.cpp
@@ -51,7 +51,7 @@ void Load_NewGRFMapping(OverrideManagerBase &mapping)
 
 	int index;
 	while ((index = SlIterateArray()) != -1) {
-		if ((uint)index >= max_id) break;
+		if ((uint)index >= max_id) SlErrorCorrupt("Too many NewGRF entity mappings");
 		SlObject(&mapping.mapping_ID[index], _newgrf_mapping_desc);
 	}
 }
diff --git a/src/saveload/saveload.cpp b/src/saveload/saveload.cpp
index b7c04fa74..bd3c83d13 100644
--- a/src/saveload/saveload.cpp
+++ b/src/saveload/saveload.cpp
@@ -1667,9 +1667,11 @@ static void SlLoadChunk(const ChunkHandler *ch)
 		case CH_ARRAY:
 			_sl.array_index = 0;
 			ch->load_proc();
+			if (_next_offs != 0) SlErrorCorrupt("Invalid array length");
 			break;
 		case CH_SPARSE_ARRAY:
 			ch->load_proc();
+			if (_next_offs != 0) SlErrorCorrupt("Invalid array length");
 			break;
 		default:
 			if ((m & 0xF) == CH_RIFF) {
-- 
cgit v1.2.3-54-g00ecf