From 24a63beb3ce61485b9c723cbc63af94da67080d3 Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Sat, 14 Mar 2026 13:44:37 -0700
Subject: [PATCH] fix(combatlog): reject truncated spell start target GUIDs
---
 src/game/packet_parsers_classic.cpp | 3 ++-
 src/game/packet_parsers_tbc.cpp | 6 +++++-
 src/game/world_packets.cpp | 7 ++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/game/packet_parsers_classic.cpp b/src/game/packet_parsers_classic.cpp
index 1e801b6b..2dde86c7 100644
--- a/src/game/packet_parsers_classic.cpp
+++ b/src/game/packet_parsers_classic.cpp
@@ -374,7 +374,8 @@ bool ClassicPacketParsers::parseSpellStart(network::Packet& packet, SpellStartDa
 if (rem() < 2) return true;
 uint16_t targetFlags = packet.readUInt16();
 // TARGET_FLAG_UNIT (0x02) or TARGET_FLAG_OBJECT (0x800) carry a packed GUID
- if (((targetFlags & 0x02) || (targetFlags & 0x800)) && hasFullPackedGuid(packet)) {
+ if ((targetFlags & 0x02) || (targetFlags & 0x800)) {
+ if (!hasFullPackedGuid(packet)) return false;
 data.targetGuid = UpdateObjectParser::readPackedGuid(packet);
 }

diff --git a/src/game/packet_parsers_tbc.cpp b/src/game/packet_parsers_tbc.cpp
index ca36930a..f12e86e5 100644
--- a/src/game/packet_parsers_tbc.cpp
+++ b/src/game/packet_parsers_tbc.cpp
@@ -1245,7 +1245,11 @@ bool TbcPacketParsers::parseSpellStart(network::Packet& packet, SpellStartData&

 if (packet.getReadPos() + 4 <= packet.getSize()) {
 uint32_t targetFlags = packet.readUInt32();
- if ((targetFlags & 0x02) && packet.getReadPos() + 8 <= packet.getSize()) {
+ const bool needsTargetGuid = (targetFlags & 0x02) || (targetFlags & 0x800); // UNIT/OBJECT
+ if (needsTargetGuid) {
+ if (packet.getReadPos() + 8 > packet.getSize()) {
+ return false;
+ }
 data.targetGuid = packet.readUInt64(); // full GUID in TBC
 }
 }
diff --git a/src/game/world_packets.cpp b/src/game/world_packets.cpp
index 5a23e1c9..616e9633 100644
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
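Review bot: In the packet_parsers_classic.cpp hunk the new `if (!hasFullPackedGuid(packet)) return false;` fails with the read cursor wherever the earlier reads left it and with `data` partly filled, whereas the world_packets.cpp hunk of this commit rewinds with `packet.setReadPos(startPos)` before failing. The early `return false;` added in packet_parsers_tbc.cpp has the same gap. If a caller retries with another parser or keeps consuming the packet after a `false`, it would start from a mid-packet offset on server-controlled input. Assuming a start position is (or can be) captured at function entry, which lies outside this hunk, the guard would read `if (!hasFullPackedGuid(packet)) { packet.setReadPos(startPos); return false; }`. A one-line comment stating that `data` must be ignored when the parser returns false would also help.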
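Review bot: The packet_parsers_tbc.cpp hunk widens the set of flags that consume a target GUID from `0x02` alone to `0x02` or `0x800`, which the commit subject ("reject truncated spell start target GUIDs") does not mention; the world_packets.cpp hunk makes the same change. A packet carrying only 0x800 previously skipped the GUID read and now either consumes 8 bytes or is rejected, so the change deserves its own line in the commit message and a captured regression packet per expansion. The bare masks now appear in three parsers; unless they are already defined elsewhere, shared constants such as `constexpr uint32_t TARGET_FLAG_UNIT = 0x02;` and `constexpr uint32_t TARGET_FLAG_OBJECT = 0x800;` (names taken from the comment in the classic parser) would keep the parsers from drifting apart. The enclosing function starts and ends outside the hunk.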
@@ -3715,7 +3715,12 @@ bool SpellStartParser::parse(network::Packet& packet, SpellStartData& data) {
 // Read target flags and target (simplified)
 if (packet.getSize() - packet.getReadPos() >= 4) {
 uint32_t targetFlags = packet.readUInt32();
- if ((targetFlags & 0x02) && hasFullPackedGuid(packet)) { // TARGET_FLAG_UNIT
+ const bool needsTargetGuid = (targetFlags & 0x02) || (targetFlags & 0x800); // UNIT/OBJECT
+ if (needsTargetGuid) {
+ if (!hasFullPackedGuid(packet)) {
+ packet.setReadPos(startPos);
+ return false;
+ }
 data.targetGuid = UpdateObjectParser::readPackedGuid(packet);
 }
 }
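Review bot: The enclosing guard `if (packet.getSize() - packet.getReadPos() >= 4)` still lets a packet that ends before or inside the target-flags field fall through, so truncation is rejected only once it reaches the GUID. If the code after the hunk returns true (not visible here), a packet with one to three trailing bytes is accepted with `targetGuid` left at its prior value; the classic parser's `if (rem() < 2) return true;` and the TBC `+ 4 <=` guard have the same shape. Consider treating a non-empty but short remainder as malformed, e.g. `else if (packet.getSize() != packet.getReadPos()) { packet.setReadPos(startPos); return false; }`, and adding a comment that a wholly absent target block is tolerated on purpose. If the size and read position are unsigned, the subtraction would also wrap should the cursor ever pass the end, so the addition form used in the TBC parser is the safer spelling.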