fix: harden Turtle movement block parser with bounds checks

The Turtle parseMovementBlock had no bounds checking on any reads. Since Packet::readUInt8() returns 0 past the end without failing, the parser could "succeed" with all-zero garbage data, then subsequent parseUpdateFields would read from wrong positions, producing "truncated field value" and "truncated update mask" errors. Added bounds checks before every conditional read section (transport, swimming pitch, fall time, jumping, spline elevation, speeds, spline data, tail flags). Also removed the WotLK movement block fallback from the Turtle parser chain — WotLK format is fundamentally incompatible (uint16 flags, 9 speeds) and false-positive parses corrupt NPC data. Also changed spline pointCount > 256 from cap-to-zero to return false so the parser correctly fails instead of silently dropping waypoints.
2026-03-25 00:20:16 +00:00 · 2026-03-18 07:39:40 -07:00 · 2026-03-18 07:39:40 -07:00 · 0a04a00234
commit 0a04a00234
parent ce3caf0438
2 changed files with 32 additions and 9 deletions
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
@ -1024,7 +1024,7 @@ bool UpdateObjectParser::parseMovementBlock(network::Packet& packet, UpdateBlock
            /*float splineElevation =*/ packet.readFloat();
        }

-        // Speeds (7 speed values)
+        // Speeds (9 values in WotLK: walk/run/runBack/swim/swimBack/flight/flightBack/turn/pitch)
        /*float walkSpeed =*/ packet.readFloat();
        float runSpeed = packet.readFloat();
        /*float runBackSpeed =*/ packet.readFloat();