From 446796db4b65df851e5ed41a0e90d3e10fe92910 Mon Sep 17 00:00:00 2001
From: Tomas Dittmann <chaosmeist3r@gmail.com>
Date: Thu, 6 Jul 2017 00:30:10 +0200
Subject: [PATCH] Prevent integer overflow in interest calculation (#5724)

Fixes #5635
---
 src/openrct2/management/finance.c | 15 ++++++++-------
 src/openrct2/network/network.h    |  2 +-
 2 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/openrct2/management/finance.c b/src/openrct2/management/finance.c
index 71a08e84f6..58ade2462b 100644
--- a/src/openrct2/management/finance.c
+++ b/src/openrct2/management/finance.c
@@ -125,17 +125,18 @@ void finance_pay_research()
  */
 void finance_pay_interest()
 {
-    money32 current_loan = gBankLoan;
-    uint8 current_interest = gBankLoanInterestRate;
-
-    // This variable uses the 64-bit type as the line below can involve multiplying very large numbers
-    // that will overflow money32 (e.g. in the Alton Towers RCT1 scenario)
-    money64 tempcost = (current_loan * 5 * current_interest) >> 14; // (5 * interest) / 2^14 is pretty close to
+    // This variable uses the 64-bit type as the computation below can involve multiplying very large numbers
+    // that will overflow money32 if the loan is greater than (1 << 31) / (5 * current_interest_rate)
+    money64 current_loan = gBankLoan;
+    uint8 current_interest_rate = gBankLoanInterestRate;
+    money32 interest_to_pay;
 
     if (gParkFlags & PARK_FLAGS_NO_MONEY)
         return;
 
-    finance_payment(tempcost, RCT_EXPENDITURE_TYPE_INTEREST);
+    interest_to_pay = (current_loan * 5 * current_interest_rate) >> 14;
+
+    finance_payment(interest_to_pay, RCT_EXPENDITURE_TYPE_INTEREST);
 }
 
 /**
diff --git a/src/openrct2/network/network.h b/src/openrct2/network/network.h
index a5bf1f9c49..3a3038ecf9 100644
--- a/src/openrct2/network/network.h
+++ b/src/openrct2/network/network.h
@@ -55,7 +55,7 @@ extern "C" {
 // This define specifies which version of network stream current build uses.
 // It is used for making sure only compatible builds get connected, even within
 // single OpenRCT2 version.
-#define NETWORK_STREAM_VERSION "25"
+#define NETWORK_STREAM_VERSION "26"
 #define NETWORK_STREAM_ID OPENRCT2_VERSION "-" NETWORK_STREAM_VERSION
 
 #ifdef __cplusplus