From ed63b029cd6e31b97d44fa788eff08b9e443a18c Mon Sep 17 00:00:00 2001
From: Kelsi
Date: Sun, 29 Mar 2026 19:36:41 -0700
Subject: [PATCH] fix: getRemainingSize() underflowed when readPos exceeded data size

Both operands are size_t (unsigned), so if readPos > data.size() the subtraction wrapped to ~0 instead of returning 0. This could happen via setReadPos() which has no bounds check. Downstream hasRemaining() was already safe but getRemainingSize() callers (e.g. hasFullPackedGuid) would see billions of bytes available.
---
 include/network/packet.hpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/include/network/packet.hpp b/include/network/packet.hpp
index b773fc3c..744b6eae 100644
--- a/include/network/packet.hpp
+++ b/include/network/packet.hpp
@@ -35,7 +35,9 @@ public:
 const std::vector& getData() const { return data; }
 size_t getReadPos() const { return readPos; }
 size_t getSize() const { return data.size(); }
- size_t getRemainingSize() const { return data.size() - readPos; }
+ // Clamp to 0 instead of wrapping to ~(size_t)0 when readPos overshoots
+ // (can happen via setReadPos with an unchecked offset).
+ size_t getRemainingSize() const { return (readPos <= data.size()) ? (data.size() - readPos) : 0; }
 bool hasRemaining(size_t need) const { return readPos <= data.size() && need <= (data.size() - readPos); }
 bool hasFullPackedGuid() const {
 if (readPos >= data.size()) return false;
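Review bot: The clamp in `getRemainingSize()` treats the symptom while the cause named in the commit message, `setReadPos()` accepting an offset past `data.size()`, is left in place, so any reader that does not go through `getRemainingSize()` or `hasRemaining()` still runs with an out-of-range cursor. `setReadPos()` is not in this hunk, so this is inferred from the commit message and the new comment; if it is accurate, enforce `readPos <= data.size()` where the position is set (reject or clamp the offset) and keep this getter's clamp as a second line of defence. With the clamp in place, `hasRemaining` can reuse it with `return need <= getRemainingSize();`, so the bounds logic for packet reads lives in one expression. `hasFullPackedGuid()` continues past the end of the hunk and was not reviewed.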