phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-04-15 08:53:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix: validate splineMode in Classic spline parse to prevent desync

Browse source 
When a WotLK NPC has durationMod=0.0, the Classic-first spline parser
reads it as pointCount=0 and "succeeds", then consumes garbage bytes as
splineMode and endPoint. This desynchronizes the read position for all
subsequent update blocks in the packet, causing cascading failures
(truncated update mask, unknown update type) that leave NPCs without
displayIds — making them invisible.

Fix: after reading splineMode, reject the Classic parse if splineMode > 3
(valid values are 0-3) and fall through to the WotLK format parser.
This commit is contained in:
Kelsi 2026-03-23 11:09:15 -07:00
parent 503f9ed650
commit 1a3146395a
1 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/game/world_packets.cpp
View file

@ -1088,6 +1088,7 @@ bool UpdateObjectParser::parseMovementBlock(network::Packet& packet, UpdateBlock
// Helper: try to parse uncompressed spline points from current read position.
auto tryParseUncompressedSpline = [&](const char* tag) -> bool {
if (!bytesAvailable(4)) return false;
size_t prePointCount = packet.getReadPos();
uint32_t pc = packet.readUInt32();
if (pc > 256) return false;
size_t needed = static_cast<size_t>(pc) * 12ull + 13ull;
@ -1095,7 +1096,14 @@ bool UpdateObjectParser::parseMovementBlock(network::Packet& packet, UpdateBlock
for (uint32_t i = 0; i < pc; i++) {
packet.readFloat(); packet.readFloat(); packet.readFloat();
}
packet.readUInt8(); // splineMode
uint8_t splineMode = packet.readUInt8();
// Validate splineMode (0=Linear, 1=CatmullRom, 2=BezierSpline, 3=unused)
// Values > 3 indicate we misidentified the format (e.g. WotLK durationMod=0.0
// was read as pointCount=0, causing garbage to be read as splineMode).
if (splineMode > 3) {
packet.setReadPos(prePointCount);
return false;
}
packet.readFloat(); packet.readFloat(); packet.readFloat(); // endPoint
LOG_DEBUG(" Spline pointCount=", pc, " (", tag, ")");
return true;