From aade177d79259fee204fdac8a5fbaef603a957c9 Mon Sep 17 00:00:00 2001
From: Milek7
Date: Sat, 17 Apr 2021 20:19:37 +0200
Subject: Fix: Corrupted savegame could cause heap corruption by writing outside link graph edge matrix. (#9046)
---
 src/saveload/linkgraph_sl.cpp | 1 +
 1 file changed, 1 insertion(+)
(limited to 'src/saveload')
diff --git a/src/saveload/linkgraph_sl.cpp b/src/saveload/linkgraph_sl.cpp
index a597edfc4..f571e331a 100644
--- a/src/saveload/linkgraph_sl.cpp
+++ b/src/saveload/linkgraph_sl.cpp
@@ -151,6 +151,7 @@ void SaveLoad_LinkGraph(LinkGraph &lg)
 } else {
 /* ... but as that wasted a lot of space we save a sparse matrix now. */
 for (NodeID to = from; to != INVALID_NODE; to = lg.edges[from][to].next_edge) {
+ if (to >= size) SlErrorCorrupt("Link graph structure overflow");
 SlObject(&lg.edges[from][to], _edge_desc);
 }
 }
--
cgit v1.2.3-70-g09d2
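Review bot: The new `to >= size` guard bounds the index, but the `for` loop still ends only when `next_edge` reaches `INVALID_NODE`. If `SlObject` fills `next_edge` from the savegame on load, as the commit subject suggests, a chain of in-range values that points back to an earlier node would presumably never terminate. Bounding the walk as well would close that gap: declare `size_t visited = 0;` before the loop and make the guard `if (to >= size || ++visited > size) SlErrorCorrupt("Link graph structure overflow");`. This assumes `size` is the node count of the graph; it is declared outside the hunk, as are the start and end of `SaveLoad_LinkGraph`. A short comment on the guard such as `/* next_edge comes from the savegame; validate before indexing. */` would also tell the next reader why the check sits ahead of `SlObject`.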