fix(combatlog): validate packed GUID bounds in attacker state parsers

src/game/packet_parsers_classic.cpp

@@ -489,9 +489,17 @@ bool ClassicPacketParsers::parseAttackerStateUpdate(network::Packet& packet, Att
     auto rem = [&]() { return packet.getSize() - packet.getReadPos(); };
     if (rem() < 5) return false;  // hitInfo(4) + at least GUID mask byte(1)
 
+    const size_t startPos = packet.getReadPos();
     data.hitInfo      = packet.readUInt32();
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
     data.attackerGuid = UpdateObjectParser::readPackedGuid(packet); // PackedGuid in Vanilla
-    if (rem() < 1) return false;
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
     data.targetGuid   = UpdateObjectParser::readPackedGuid(packet); // PackedGuid in Vanilla
 
     if (rem() < 5) return false;  // int32 totalDamage + uint8 subDamageCount

src/game/world_packets.cpp

@@ -3343,7 +3343,15 @@ bool AttackerStateUpdateParser::parse(network::Packet& packet, AttackerStateUpda
 
     size_t startPos = packet.getReadPos();
     data.hitInfo = packet.readUInt32();
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
     data.attackerGuid = UpdateObjectParser::readPackedGuid(packet);
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
     data.targetGuid = UpdateObjectParser::readPackedGuid(packet);
 
     // Validate totalDamage + subDamageCount can be read (5 bytes)