phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-03-22 23:30:14 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

fix: correct TBC aura entry minimum-size guard from 13 to 15 bytes
Some checks are pending
Build / Build (arm64) (push) Waiting to run
Details
Build / Build (x86-64) (push) Waiting to run
Details
Build / Build (macOS arm64) (push) Waiting to run
Details
Build / Build (windows-arm64) (push) Waiting to run
Details
Build / Build (windows-x86-64) (push) Waiting to run
Details
Security / CodeQL (C/C++) (push) Waiting to run
Details
Security / Semgrep (push) Waiting to run
Details
Security / Sanitizer Build (ASan/UBSan) (push) Waiting to run
Details

Browse source 
Each SMSG_INIT/SET_EXTRA_AURA_INFO entry is 15 bytes:
  uint8 slot(1) + uint32 spellId(4) + uint8 effectIndex(1)
  + uint8 flags(1) + uint32 durationMs(4) + uint32 maxDurMs(4) = 15

The previous guard of 13 would allow the loop to start reading a
partial entry, silently returning zeroes for durationMs/maxDurMs
when 13-14 bytes remained in the packet.
This commit is contained in:
Kelsi 2026-03-11 03:49:54 -07:00
parent 144c87a72f
commit 2f0809b570
1 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

14
src/game/game_handler.cpp
View file

@ -5019,13 +5019,13 @@ void GameHandler::handlePacket(network::Packet& packet) {
std::chrono::duration_cast<std::chrono::milliseconds>( std::chrono::duration_cast<std::chrono::milliseconds>(
std::chrono::steady_clock::now().time_since_epoch()).count()); std::chrono::steady_clock::now().time_since_epoch()).count());
for (uint8_t i = 0; i < count && remaining() >= 13; i++) { for (uint8_t i = 0; i < count && remaining() >= 15; i++) {
uint8_t slot = packet.readUInt8(); uint8_t slot = packet.readUInt8(); // 1 byte
uint32_t spellId = packet.readUInt32(); uint32_t spellId = packet.readUInt32(); // 4 bytes
(void) packet.readUInt8(); // effectIndex (unused for slot display) (void) packet.readUInt8(); // effectIndex: 1 byte (unused for slot display)
uint8_t flags = packet.readUInt8(); uint8_t flags = packet.readUInt8(); // 1 byte
uint32_t durationMs = packet.readUInt32(); uint32_t durationMs = packet.readUInt32(); // 4 bytes
uint32_t maxDurMs = packet.readUInt32(); uint32_t maxDurMs = packet.readUInt32(); // 4 bytes — total 15 bytes per entry
if (auraList) { if (auraList) {
while (auraList->size() <= slot) auraList->push_back(AuraSlot{}); while (auraList->size() <= slot) auraList->push_back(AuraSlot{});