fix(combatlog): validate packed GUID bounds in attacker state parsers

2026-03-25 00:20:16 +00:00 · 2026-03-14 10:48:20 -07:00 · 2026-03-14 10:48:20 -07:00 · 43cc2635ac
commit 43cc2635ac
parent 98267d6517
2 changed files with 17 additions and 1 deletions
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
@ -3343,7 +3343,15 @@ bool AttackerStateUpdateParser::parse(network::Packet& packet, AttackerStateUpda

    size_t startPos = packet.getReadPos();
    data.hitInfo = packet.readUInt32();
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.attackerGuid = UpdateObjectParser::readPackedGuid(packet);
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.targetGuid = UpdateObjectParser::readPackedGuid(packet);

    // Validate totalDamage + subDamageCount can be read (5 bytes)