
Harden loose-resource RNC decompression checks #125

Merged: segrax merged 1 commit into master from codex/fix-unsafe-rnc-decompression-vulnerability on May 24, 2026

@segrax segrax commented May 24, 2026

Motivation

  • Close an unsafe decompression path introduced in the base resource loader where any non-empty loose resource could be treated as RNC and fed to the unpacker without size or result validation.
  • Prevent out-of-bounds reads, uncontrolled allocations, crashes, or potential memory corruption when parsing malformed or attacker-controlled loose assets (including DOS Amiga-audio replacements).

Description

  • In Source/Resources.cpp added a minimum-header length guard (RNCHeaderSize = 18) to avoid reading header fields from short buffers.
  • Read and validate the packed-size field and ensure PackedSize <= (buffer_size - RNCHeaderSize), and reject zero or excessively large unpacked sizes with a 64 MiB cap (MaxUnpackedSize).
  • Allocate the unpack buffer only after validation and call rnc_unpack, then verify the unpacker return value matches the expected unpacked size and fall back to returning the original buffer on any failure.
  • The changes are localized to cResources::fileDeRNC to provide a minimal defense-in-depth fix while preserving existing resource-loading behavior for valid data.

Testing

  • No automated tests were executed for this patch.

@segrax segrax merged commit d6f623b into master May 24, 2026
2 of 6 checks passed
@segrax segrax deleted the codex/fix-unsafe-rnc-decompression-vulnerability branch May 24, 2026 02:34
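
The validation order described in the pull request, written out as an added example; this is not the project's code or the merged patch. `RNCHeaderSize` and `MaxUnpackedSize` are the constants named above; the big-endian size fields at offsets 4 and 8, the `Unpacker` callable signature, and the names `checkRncHeader`, `safeDeRNC` and `RncCheck` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <vector>

// Constants named in the pull request description.
constexpr std::size_t RNCHeaderSize = 18;
constexpr std::uint32_t MaxUnpackedSize = 64u * 1024u * 1024u;  // 64 MiB cap

enum class RncCheck { Ok, TooShort, PackedSizeOutOfRange, UnpackedSizeOutOfRange };

// Assumption: header size fields are 32-bit big-endian values.
static std::uint32_t readBE32(const std::uint8_t* p) {
    return (std::uint32_t(p[0]) << 24) | (std::uint32_t(p[1]) << 16) |
           (std::uint32_t(p[2]) << 8) | std::uint32_t(p[3]);
}

// Validate the header-declared sizes before any allocation or unpack call.
RncCheck checkRncHeader(const std::vector<std::uint8_t>& buf, std::uint32_t& unpackedSize) {
    if (buf.size() < RNCHeaderSize) return RncCheck::TooShort;
    unpackedSize = readBE32(&buf[4]);                    // assumed offset 4
    const std::uint32_t packedSize = readBE32(&buf[8]);  // assumed offset 8
    // No underflow here: buf.size() >= RNCHeaderSize was checked first.
    if (packedSize > buf.size() - RNCHeaderSize) return RncCheck::PackedSizeOutOfRange;
    if (unpackedSize == 0 || unpackedSize > MaxUnpackedSize)
        return RncCheck::UnpackedSizeOutOfRange;
    return RncCheck::Ok;
}

// Hypothetical unpacker interface: returns bytes written, or a negative error code.
using Unpacker = std::function<long(const std::uint8_t* in, std::uint8_t* out)>;

// Returns the unpacked data, or the original buffer unchanged on any failure.
std::vector<std::uint8_t> safeDeRNC(const std::vector<std::uint8_t>& buf,
                                    const Unpacker& unpack) {
    std::uint32_t unpackedSize = 0;
    if (checkRncHeader(buf, unpackedSize) != RncCheck::Ok) return buf;
    std::vector<std::uint8_t> out(unpackedSize);  // allocate only after validation
    const long written = unpack(buf.data(), out.data());
    // Reject errors and any length that differs from the declared size.
    if (written < 0 || static_cast<unsigned long>(written) != unpackedSize) return buf;
    return out;
}
```

The header checks bound only what the header declares; the unpacker still has to stay within the input and output lengths it is given while decoding.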