fix(combatlog): validate packed GUID bounds in spell damage/heal logs

2026-03-22 23:30:14 +00:00 · 2026-03-14 13:51:37 -07:00 · 2026-03-14 13:51:37 -07:00 · 6ccfdc9d11
commit 6ccfdc9d11
parent 24a63beb3c
1 changed files with 16 additions and 0 deletions
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
@ -3427,7 +3427,15 @@ bool SpellDamageLogParser::parse(network::Packet& packet, SpellDamageLogData& da
    if (packet.getSize() - packet.getReadPos() < 30) return false;

    size_t startPos = packet.getReadPos();
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.targetGuid = UpdateObjectParser::readPackedGuid(packet);
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.attackerGuid = UpdateObjectParser::readPackedGuid(packet);

    // Validate core fields (spellId + damage + overkill + schoolMask + absorbed + resisted = 21 bytes)
@ -3469,7 +3477,15 @@ bool SpellHealLogParser::parse(network::Packet& packet, SpellHealLogData& data)
    if (packet.getSize() - packet.getReadPos() < 21) return false;

    size_t startPos = packet.getReadPos();
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.targetGuid = UpdateObjectParser::readPackedGuid(packet);
+    if (!hasFullPackedGuid(packet)) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.casterGuid = UpdateObjectParser::readPackedGuid(packet);

    // Validate remaining fields (spellId + heal + overheal + absorbed + critFlag = 17 bytes)