From a63282bc191a2dfd1cf6c10b9727a4eaf1e72042 Mon Sep 17 00:00:00 2001
From: steve robb
Date: Wed, 3 May 2023 10:01:54 -0400
Subject: [PATCH] Added guards to stop property size calculation overflowing.

#rb andriy.tylychko
#preflight 64523a0bc86798f65008c810
[CL 25317048 by steve robb in ue5-main branch]

---
 .../CoreUObject/Private/UObject/Property.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/Engine/Source/Runtime/CoreUObject/Private/UObject/Property.cpp b/Engine/Source/Runtime/CoreUObject/Private/UObject/Property.cpp
index d85782490bf8..f2185c11bfc1 100644
--- a/Engine/Source/Runtime/CoreUObject/Private/UObject/Property.cpp
+++ b/Engine/Source/Runtime/CoreUObject/Private/UObject/Property.cpp
@@ -1377,6 +1377,14 @@ EConvertFromTypeResult FProperty::ConvertFromType(const FPropertyTag& Tag, FStru
 	return EConvertFromTypeResult::UseSerializeItem;
 }
 
+namespace UE::CoreUObject::Private
+{
+	[[noreturn]] void OnInvalidPropertySize(uint32 InvalidPropertySize, const FProperty* Prop)
+	{
+		UE_LOG(LogProperty, Fatal, TEXT("Invalid property size %u when linking property %s of size %d"), InvalidPropertySize, *Prop->GetFullName(), Prop->GetSize());
+		for (;;);
+	}
+}
 
 int32 FProperty::SetupOffset()
 {
@@ -1390,7 +1398,13 @@ int32 FProperty::SetupOffset()
 	{
 		Offset_Internal = Align(0, GetMinAlignment());
 	}
-	return Offset_Internal + GetSize();
+
+	uint32 UnsignedTotal = (uint32)Offset_Internal + (uint32)GetSize();
+	if (UnsignedTotal >= (uint32)MAX_int32)
+	{
+		UE::CoreUObject::Private::OnInvalidPropertySize(UnsignedTotal, this);
+	}
+	return (int32)UnsignedTotal;
 }
 
 void FProperty::SetOffset_Internal(int32 NewOffset)
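Review bot: `for (;;);` in OnInvalidPropertySize is a side-effect-free infinite loop, which C++ does not guarantee to preserve: under the forward-progress rule the compiler may assume it terminates, so in any build configuration where the UE_LOG(Fatal) expansion can return, control can run off the end of a [[noreturn]] function, which is undefined behaviour. An unconditional trap or abort after the log, e.g. `std::abort();` (or whichever fatal-exit helper this module already uses), gives the attribute a real guarantee and is also what a reader expects to see there. A one-line comment such as `// Fatal log must not return; this is the hard stop for corrupted/oversized property layouts` would make the intent explicit.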
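Review bot: The new guard in SetupOffset only catches the case where both operands are non-negative and their sum reaches MAX_int32; if GetSize() can itself come back negative because its own computation already wrapped (I cannot see GetSize() in this hunk, so this is an assumption to confirm), `(uint32)GetSize()` becomes a value near 2^32, the uint32 addition wraps, and the total can land below MAX_int32 and pass the check while the returned offset is garbage. Doing the arithmetic in 64 bits and rejecting negatives closes that path: `const int64 Total = (int64)Offset_Internal + (int64)GetSize();` followed by `if (Total < 0 || Total >= (int64)MAX_int32) { UE::CoreUObject::Private::OnInvalidPropertySize((uint32)Total, this); }` and `return (int32)Total;` (the helper's uint32 parameter only affects the logged value). The function's opening and the branch that assigns Offset_Internal for already-linked properties are outside this hunk.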