From 2f0809b57074ecb665057bed4bac67a80728581e Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Wed, 11 Mar 2026 03:49:54 -0700
Subject: [PATCH] fix: correct TBC aura entry minimum-size guard from 13 to 15 bytes Each SMSG_INIT/SET_EXTRA_AURA_INFO entry is 15 bytes: uint8 slot(1) + uint32 spellId(4) + uint8 effectIndex(1) + uint8 flags(1) + uint32 durationMs(4) + uint32 maxDurMs(4) = 15 The previous guard of 13 would allow the loop to start reading a partial entry, silently returning zeroes for durationMs/maxDurMs when 13-14 bytes remained in the packet.
---
 src/game/game_handler.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/game/game_handler.cpp b/src/game/game_handler.cpp
index 81a05706..e9452785 100644
--- a/src/game/game_handler.cpp
+++ b/src/game/game_handler.cpp
@@ -5019,13 +5019,13 @@ void GameHandler::handlePacket(network::Packet& packet) {
 std::chrono::duration_cast(
 std::chrono::steady_clock::now().time_since_epoch()).count());
- for (uint8_t i = 0; i < count && remaining() >= 13; i++) {
- uint8_t slot = packet.readUInt8();
- uint32_t spellId = packet.readUInt32();
- (void) packet.readUInt8(); // effectIndex (unused for slot display)
- uint8_t flags = packet.readUInt8();
- uint32_t durationMs = packet.readUInt32();
- uint32_t maxDurMs = packet.readUInt32();
+ for (uint8_t i = 0; i < count && remaining() >= 15; i++) {
+ uint8_t slot = packet.readUInt8(); // 1 byte
+ uint32_t spellId = packet.readUInt32(); // 4 bytes
+ (void) packet.readUInt8(); // effectIndex: 1 byte (unused for slot display)
+ uint8_t flags = packet.readUInt8(); // 1 byte
+ uint32_t durationMs = packet.readUInt32(); // 4 bytes
+ uint32_t maxDurMs = packet.readUInt32(); // 4 bytes — total 15 bytes per entry
 if (auraList) {
 while (auraList->size() <= slot)
 auraList->push_back(AuraSlot{});
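Review bot: The loop condition `i < count && remaining() >= 15` still exits silently when the packet holds fewer entries than the server-supplied `count` claims, so a truncated or malformed SMSG_INIT/SET_EXTRA_AURA_INFO is applied as a partial aura list with no diagnostic. After the loop (which ends outside this hunk) I would check whether `i` reached `count` and log the mismatch, which needs `i` declared before the `for`. The entry size is also still a bare literal kept in step with the six reads only by trailing comments; a named constant such as `constexpr size_t kExtraAuraEntrySize = 1 + 4 + 1 + 1 + 4 + 4;` used as `remaining() >= kExtraAuraEntrySize` would keep the guard from drifting again. In the context lines, `slot` comes straight from the packet and drives the `push_back` growth; its type caps it at 255, but whether that matches the intended slot limit is not visible here.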