fix(combatlog): fail spell go parse on truncated target lists

2026-03-22 23:30:14 +00:00 · 2026-03-14 10:56:04 -07:00 · 2026-03-14 10:56:04 -07:00 · 918762501f
commit 918762501f
parent ffa6dda4d9
1 changed files with 14 additions and 0 deletions
--- a/src/game/world_packets.cpp
+++ b/src/game/world_packets.cpp
@ -3758,11 +3758,14 @@ bool SpellGoParser::parse(network::Packet& packet, SpellGoData& data) {
    }
    const uint8_t storedHitLimit = std::min<uint8_t>(rawHitCount, 128);

+    bool truncatedTargets = false;
+
    data.hitTargets.reserve(storedHitLimit);
    for (uint16_t i = 0; i < rawHitCount; ++i) {
        // WotLK hit targets are packed GUIDs, like the caster and miss targets.
        if (!hasFullPackedGuid(packet)) {
            LOG_WARNING("Spell go: truncated hit targets at index ", i, "/", (int)rawHitCount);
+            truncatedTargets = true;
            break;
        }
        const uint64_t targetGuid = UpdateObjectParser::readPackedGuid(packet);
@ -3770,6 +3773,10 @@ bool SpellGoParser::parse(network::Packet& packet, SpellGoData& data) {
            data.hitTargets.push_back(targetGuid);
        }
    }
+    if (truncatedTargets) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.hitCount = static_cast<uint8_t>(data.hitTargets.size());

    // Validate missCount field exists
@ -3789,18 +3796,21 @@ bool SpellGoParser::parse(network::Packet& packet, SpellGoData& data) {
        // REFLECT additionally appends uint32 reflectSpellId + uint8 reflectResult.
        if (!hasFullPackedGuid(packet)) {
            LOG_WARNING("Spell go: truncated miss targets at index ", i, "/", (int)rawMissCount);
+            truncatedTargets = true;
            break;
        }
        SpellGoMissEntry m;
        m.targetGuid = UpdateObjectParser::readPackedGuid(packet);  // packed GUID in WotLK
        if (packet.getSize() - packet.getReadPos() < 1) {
            LOG_WARNING("Spell go: missing missType at miss index ", i, "/", (int)rawMissCount);
+            truncatedTargets = true;
            break;
        }
        m.missType = packet.readUInt8();
        if (m.missType == 11) {
            if (packet.getSize() - packet.getReadPos() < 5) {
                LOG_WARNING("Spell go: truncated reflect payload at miss index ", i, "/", (int)rawMissCount);
+                truncatedTargets = true;
                break;
            }
            (void)packet.readUInt32();
@ -3810,6 +3820,10 @@ bool SpellGoParser::parse(network::Packet& packet, SpellGoData& data) {
            data.missTargets.push_back(m);
        }
    }
+    if (truncatedTargets) {
+        packet.setReadPos(startPos);
+        return false;
+    }
    data.missCount = static_cast<uint8_t>(data.missTargets.size());

    LOG_DEBUG("Spell go: spell=", data.spellId, " hits=", (int)data.hitCount,