FileAccessPack::get_buffer moves the cursor past the end of file

[andreymal]

Tested versions

4.2.stable (exported only)

System information

Linux

Issue description

This line is the bug:

godot/core/io/file_access_pack.cpp

Line 330 in a311a4b

pos += p_length;

p_length is the buffer length provided by the user, but this line does not check if the result is bigger than the length of the file.

As a result, when user tries to get a buffer that is bigger than the file (something like file.get_buffer(99999999)), file.get_position() may be bigger than file.get_length().

It doesn't break Godot directly, but breaks any calculations based on get_position(). For example, it breaks relative seeking.

There is another variable t_read which is checked and should probably be used instead:

godot/core/io/file_access_pack.cpp

Lines 324 to 328 in a311a4b

	int64_t to_read = p_length;
	if (to_read + pos > pf.size) {
	eof = true;
	to_read = (int64_t)pf.size - (int64_t)pos;
	}

Steps to reproduce

Since this is a bug in FileAccessPack, it is only reproducible in exported projects (something like FileAccessUnix doesn't have this bug, so it can't be reproduced in the editor).

To reproduce, try to file.get_buffer(99999999) and then use file.get_position() for something.

Minimal reproduction project (MRP)

I made a simple script that attempts to make a relative seeking and breaks because of this bug:

FileAccessPackTest.zip