From a1575ec67875b741a2a0ff3d43e9f8cfccc0962a Mon Sep 17 00:00:00 2001
From: Kelsi <kelsihates2fa@gmail.com>
Date: Sun, 29 Mar 2026 20:26:58 -0700
Subject: [PATCH] fix: WDT MWMO parser used unbounded strlen on chunk data

std::strlen on raw MWMO chunk data has no upper bound if the chunk
lacks a null terminator (truncated/corrupt WDT file). Replaced with
strnlen bounded by chunkSize, matching the ADT parser fix in d776226f.
---
 src/pipeline/wdt_loader.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pipeline/wdt_loader.cpp b/src/pipeline/wdt_loader.cpp
index dde1bb94..cb59cec5 100644
--- a/src/pipeline/wdt_loader.cpp
+++ b/src/pipeline/wdt_loader.cpp
@@ -69,7 +69,9 @@ WDTInfo parseWDT(const std::vector<uint8_t>& data) {
             // Null-terminated WMO path string(s)
             if (chunkSize > 0) {
                 const char* str = reinterpret_cast<const char*>(chunkData);
-                size_t len = std::strlen(str);
+                // Bound scan to chunkSize to avoid OOB read on truncated files
+                // (strlen has no upper bound if the data lacks a null terminator).
+                size_t len = strnlen(str, chunkSize);
                 if (len > 0) {
                     info.rootWMOPath = std::string(str, len);
                     LOG_DEBUG("WDT root WMO: ", info.rootWMOPath);