author Stefan Boberg <[email protected]> 2026-04-16 20:43:08 +0200
committer Stefan Boberg <[email protected]> 2026-04-16 20:43:08 +0200
commit 245fca3a35677813061a2320976fa90f33bfb815 (patch)
tree 4355750a3d47d0f2bf886714f42e2d3515d2e729
parent Handle POSIX short writes in FileCasStrategy chunk write loop
Validate PayloadAlignment when loading CAS index header (sb/fixups)

CasContainerStrategy::ReadIndexFile previously accepted any nonzero PayloadAlignment from the on-disk index header. The value is later used as the multiplier in BlockStoreDiskLocation::GetOffset ((offset_bits_28) * PayloadAlignment) to translate packed disk locations into block-file byte offsets.

A corrupt or malformed header with a non-power-of-two or outlandishly large PayloadAlignment would silently skew every offset computed from the loaded index, causing reads at wrong positions in block files. The magic/version/checksum gate most corruption, but this is defense-in-depth for bit-rot that happens to preserve the checksum, and matches the power-of-two invariant that is already asserted when the alignment is set at runtime (line 171).

Require IsPow2(PayloadAlignment) and cap at 4096 (sector-sized), which covers the 16-byte default and leaves room for future tuning.
-rw-r--r-- src/zenstore/compactcas.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/zenstore/compactcas.cpp b/src/zenstore/compactcas.cpp
index 815762e3b..58463dbf4 100644
--- a/src/zenstore/compactcas.cpp
+++ b/src/zenstore/compactcas.cpp
@@ -1141,7 +1141,7 @@ CasContainerStrategy::ReadIndexFile(const std::filesystem::path& IndexPath, uint
ObjectIndexFile.Read(&Header, sizeof(Header), 0);
if ((Header.Magic == CasDiskIndexHeader::ExpectedMagic) && (Header.Version == CasDiskIndexHeader::CurrentVersion) &&
(Header.Checksum == CasDiskIndexHeader::ComputeChecksum(Header)) && (Header.PayloadAlignment > 0) &&
- (Header.EntryCount <= ExpectedEntryCount))
+ IsPow2(Header.PayloadAlignment) && (Header.PayloadAlignment <= 4096) && (Header.EntryCount <= ExpectedEntryCount))
{
m_PayloadAlignment = Header.PayloadAlignment;
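Review bot: The 4096 cap on the added condition line is a bare literal and, as far as this hunk shows, is enforced only on the load path. The commit message says the runtime setter asserts the power-of-two invariant but does not mention a cap there, so if the setter accepts a larger power of two, an index written with that alignment would be rejected by this check on the next load. Consider a named constant next to the other CasDiskIndexHeader constants (for example a hypothetical MaxPayloadAlignment) and use it in both the setter and this check, so the two cannot drift apart. The retained (Header.PayloadAlignment > 0) term is only needed if IsPow2 returns true for zero; a one-line comment stating that would keep a later cleanup from removing it by mistake. The condition now combines seven independent checks in one expression, so unless the failure branch already reports it, logging the rejected PayloadAlignment value there would make this kind of corruption diagnosable instead of looking like a generic index mismatch.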