From 842771cb1014fb50e0250b4e934d46a4e44929ff Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Fri, 13 Mar 2026 23:40:39 -0700
Subject: [PATCH] fix(combatlog): validate tbc spelllogexecute effect GUIDs

---
 src/game/game_handler.cpp | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/game/game_handler.cpp b/src/game/game_handler.cpp
index 0c229108..5d3dbec4 100644
--- a/src/game/game_handler.cpp
+++ b/src/game/game_handler.cpp
@@ -6432,9 +6432,12 @@ void GameHandler::handlePacket(network::Packet& packet) {
 if (effectType == 10) {
 // SPELL_EFFECT_POWER_DRAIN: packed_guid target + uint32 amount + uint32 powerType + float multiplier
 for (uint32_t li = 0; li < effectLogCount; ++li) {
- if (packet.getSize() - packet.getReadPos() < 1) break;
+ const size_t guidBytes = exeTbcLike ? 8u : 1u;
+ if (packet.getSize() - packet.getReadPos() < guidBytes) {
+ packet.setReadPos(packet.getSize()); break;
+ }
 uint64_t drainTarget = exeTbcLike
- ? (packet.getSize() - packet.getReadPos() >= 8 ? packet.readUInt64() : 0)
+ ? packet.readUInt64()
 : UpdateObjectParser::readPackedGuid(packet);
 if (packet.getSize() - packet.getReadPos() < 12) { packet.setReadPos(packet.getSize()); break; }
 uint32_t drainAmount = packet.readUInt32();
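Review bot: The non-TBC path of the new `guidBytes` guard still only proves one byte is readable before `UpdateObjectParser::readPackedGuid(packet)` consumes the mask and up to eight further bytes, so unless readPackedGuid bounds its own reads against `packet.getSize()` (not visible in this hunk) a truncated packed GUID in this untrusted packet can still be read past the payload; the same applies to the identical added blocks at -6454 and -6496. The TBC half is now correct, but the packed-GUID half needs the remaining-length check to live inside readPackedGuid (or the caller to reject a short mask read) before the `8u : 1u` guard can be called complete. Since the same five lines are now repeated in three effect branches, the truncation policy is easier to keep consistent if it is moved into one small helper, as sketched below. handlePacket starts and ends outside the hunk.

```cpp
// Reads one effect-log target GUID. On a short packet the read position is
// moved to the end (matching the later length checks) and false is returned.
// NOTE(review): the packed-GUID path still relies on readPackedGuid itself
// refusing to read past packet.getSize() — confirm before relying on this.
static bool readEffectLogTarget(network::Packet& packet, bool tbcLike, uint64_t& target) {
    const size_t guidBytes = tbcLike ? 8u : 1u;
    if (packet.getSize() - packet.getReadPos() < guidBytes) {
        packet.setReadPos(packet.getSize());
        return false;
    }
    target = tbcLike ? packet.readUInt64() : UpdateObjectParser::readPackedGuid(packet);
    return true;
}

// … in the SPELL_EFFECT_POWER_DRAIN loop (same shape for effect types 11 and 26) …
uint64_t drainTarget = 0;
if (!readEffectLogTarget(packet, exeTbcLike, drainTarget)) break;
// … unchanged: amount / powerType / multiplier reads …
```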
@@ -6454,9 +6457,12 @@ void GameHandler::handlePacket(network::Packet& packet) {
 } else if (effectType == 11) {
 // SPELL_EFFECT_HEALTH_LEECH: packed_guid target + uint32 amount + float multiplier
 for (uint32_t li = 0; li < effectLogCount; ++li) {
- if (packet.getSize() - packet.getReadPos() < 1) break;
+ const size_t guidBytes = exeTbcLike ? 8u : 1u;
+ if (packet.getSize() - packet.getReadPos() < guidBytes) {
+ packet.setReadPos(packet.getSize()); break;
+ }
 uint64_t leechTarget = exeTbcLike
- ? (packet.getSize() - packet.getReadPos() >= 8 ? packet.readUInt64() : 0)
+ ? packet.readUInt64()
 : UpdateObjectParser::readPackedGuid(packet);
 if (packet.getSize() - packet.getReadPos() < 8) { packet.setReadPos(packet.getSize()); break; }
 uint32_t leechAmount = packet.readUInt32();
@@ -6496,9 +6502,12 @@ void GameHandler::handlePacket(network::Packet& packet) {
 } else if (effectType == 26) {
 // SPELL_EFFECT_INTERRUPT_CAST: packed_guid target + uint32 interrupted_spell_id
 for (uint32_t li = 0; li < effectLogCount; ++li) {
- if (packet.getSize() - packet.getReadPos() < 1) break;
+ const size_t guidBytes = exeTbcLike ? 8u : 1u;
+ if (packet.getSize() - packet.getReadPos() < guidBytes) {
+ packet.setReadPos(packet.getSize()); break;
+ }
 uint64_t icTarget = exeTbcLike
- ? (packet.getSize() - packet.getReadPos() >= 8 ? packet.readUInt64() : 0)
+ ? packet.readUInt64()
 : UpdateObjectParser::readPackedGuid(packet);
 if (packet.getSize() - packet.getReadPos() < 4) { packet.setReadPos(packet.getSize()); break; }
 uint32_t icSpellId = packet.readUInt32();