Core/SAI: Reduce the chance of infinite loops/stack overflows (#25398)

Fixes #24092 (cherry picked from commit a58aeb41f4)
2026-01-15 23:20:36 +01:00 · 2020-09-04 21:25:58 +02:00
parent 1a86bab4d8
commit 4dff5bd09b
2 changed files with 25 additions and 8 deletions
--- a/src/server/game/AI/SmartScripts/SmartScript.cpp
+++ b/src/server/game/AI/SmartScripts/SmartScript.cpp
@@ -63,6 +63,7 @@ SmartScript::SmartScript()
    isProcessingTimedActionList = false;
    mCurrentPriority = 0;
    mEventSortingRequired = false;
+    mNestedEventsCounter = 0;
 }

 SmartScript::~SmartScript()
@@ -233,16 +234,28 @@ void SmartScript::ResetBaseObject()

 void SmartScript::ProcessEventsFor(SMART_EVENT e, Unit* unit, uint32 var0, uint32 var1, bool bvar, SpellInfo const* spell, GameObject* gob, std::string const& varString)
 {
-    for (SmartScriptHolder& event : mEvents)
-    {
-        SMART_EVENT eventType = SMART_EVENT(event.GetEventType());
-        if (eventType == SMART_EVENT_LINK)//special handling
-            continue;
+    mNestedEventsCounter++;

-        if (eventType == e)
-            if (sConditionMgr->IsObjectMeetingSmartEventConditions(event.entryOrGuid, event.event_id, event.source_type, unit, GetBaseObject()))
-                ProcessEvent(event, unit, var0, var1, bvar, spell, gob, varString);
+    // Allow only a fixed number of nested ProcessEventsFor calls
+    if (mNestedEventsCounter > MAX_NESTED_EVENTS)
+    {
+        TC_LOG_WARN("scripts.ai", "SmartScript::ProcessEventsFor: reached the limit of max allowed nested ProcessEventsFor() calls with event %u, skipping!\n%s", e, GetBaseObject()->GetDebugInfo().c_str());
    }
+    else
+    {
+        for (SmartScriptHolder& event : mEvents)
+        {
+            SMART_EVENT eventType = SMART_EVENT(event.GetEventType());
+            if (eventType == SMART_EVENT_LINK)//special handling
+                continue;
+
+            if (eventType == e)
+                if (sConditionMgr->IsObjectMeetingSmartEventConditions(event.entryOrGuid, event.event_id, event.source_type, unit, GetBaseObject()))
+                    ProcessEvent(event, unit, var0, var1, bvar, spell, gob, varString);
+        }
+    }
+
+    --mNestedEventsCounter;
 }

 void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, uint32 var1, bool bvar, SpellInfo const* spell, GameObject* gob, std::string const& varString)
--- a/src/server/game/AI/SmartScripts/SmartScript.h
+++ b/src/server/game/AI/SmartScripts/SmartScript.h
@@ -136,6 +136,10 @@ class TC_GAME_API SmartScript
        bool mUseTextTimer;
        uint32 mCurrentPriority;
        bool mEventSortingRequired;
+        uint32 mNestedEventsCounter;
+
+        // Max number of nested ProcessEventsFor() calls to avoid infinite loops
+        static constexpr uint32 MAX_NESTED_EVENTS = 10;

        ObjectVectorMap _storedTargets;