From f6f15cc2046a30f2b6512579414000cf667f6ce4 Mon Sep 17 00:00:00 2001
From: Alibek Omarov
Date: Wed, 22 Jan 2025 20:00:13 +0300
Subject: [PATCH] engine: mod_studio: validate studio self-reported length before loading model
---
 engine/common/mod_studio.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/engine/common/mod_studio.c b/engine/common/mod_studio.c
index 45e50730..cc5fb544 100644
--- a/engine/common/mod_studio.c
+++ b/engine/common/mod_studio.c
@@ -868,7 +868,7 @@ void Mod_LoadStudioModel( model_t *mod, const void *buffer, qboolean *loaded )
 mod->type = mod_studio;
 phdr = R_StudioLoadHeader( mod, buffer );
- if( !phdr )
+ if( !phdr || phdr->length < sizeof( studiohdr_t )) // garbage value in length
 return; // bad model
 #if !XASH_DEDICATED
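Review bot: The added condition `phdr->length < sizeof( studiohdr_t )` only bounds the self-reported length from below; a value larger than the bytes actually loaded still passes, and the signature in the hunk header (`const void *buffer`, no size argument) gives this function nothing to compare it against. If `length` is a signed field (its declaration is not visible here), the comparison with `sizeof` also converts a negative value to a large unsigned one, so that passes as well. Any later code that copies or indexes by `phdr->length` would then rely on an unchecked upper bound; the function body continues past this hunk, so that is inferred rather than shown. Consider passing the real file size down and also rejecting `phdr->length > buffer_size` (placeholder name), or at minimum say so at the check: `// lower bound only: length is not compared with the real buffer size`.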