From 4561eb86964ddc86262b8128a34bfe28469883db Mon Sep 17 00:00:00 2001
From: Kelsi <kelsihates2fa@gmail.com>
Date: Sat, 14 Mar 2026 10:33:48 -0700
Subject: [PATCH] fix(combatlog): validate packed GUID bounds in spell start
 parser

---
 src/game/world_packets.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/game/world_packets.cpp b/src/game/world_packets.cpp
index 02c20a6c..cc04e449 100644
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
@@ -3683,7 +3683,14 @@ bool SpellStartParser::parse(network::Packet& packet, SpellStartData& data) {
     if (packet.getSize() - packet.getReadPos() < 22) return false;
 
     size_t startPos = packet.getReadPos();
+    if (!hasFullPackedGuid(packet)) {
+        return false;
+    }
     data.casterGuid = UpdateObjectParser::readPackedGuid(packet);
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
     data.casterUnit = UpdateObjectParser::readPackedGuid(packet);
 
     // Validate remaining fixed fields (castCount + spellId + castFlags + castTime = 9 bytes)