From 3d1ba42f428c6b920240e208c854b0bcd5d664b1 Mon Sep 17 00:00:00 2001
From: jackpoz
Date: Sat, 2 Dec 2017 12:56:23 +0100
Subject: Core/Misc: Fix out of bounds access on startup

Fix out of bound access on startup trying to access SpellEffects with ID greater than max allowed/known. Reported by AddressSanitizer .
---
 src/server/game/Spells/SpellMgr.cpp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
(limited to 'src')
diff --git a/src/server/game/Spells/SpellMgr.cpp b/src/server/game/Spells/SpellMgr.cpp
index f7534e49503..b3a37a2073c 100644
--- a/src/server/game/Spells/SpellMgr.cpp
+++ b/src/server/game/Spells/SpellMgr.cpp
@@ -2542,6 +2542,22 @@ void SpellMgr::LoadSpellInfoStore()
 for (SpellEntry const* spellEntry : sSpellStore)
 mSpellInfoMap[spellEntry->Id] = new SpellInfo(spellEntry);
+ for (uint32 spellIndex = 0; spellIndex < GetSpellInfoStoreSize(); ++spellIndex)
+ {
+ if (!mSpellInfoMap[spellIndex])
+ continue;
+
+ for (uint32 effectIndex = 0; effectIndex < MAX_SPELL_EFFECTS; ++effectIndex)
+ {
+ if (mSpellInfoMap[spellIndex]->Effects[effectIndex].Effect >= TOTAL_SPELL_EFFECTS)
+ {
+ TC_LOG_ERROR("sql.sql", "Spell (Entry: %u) has `Effect` '%u' greater than max allowed value '%u', removing", spellIndex, mSpellInfoMap[spellIndex]->Effects[effectIndex].Effect, (TOTAL_SPELL_EFFECTS - 1));
+ mSpellInfoMap[spellIndex]->Effects[effectIndex].Effect = 0;
+ }
+ }
+ }
+
+
 TC_LOG_INFO("server.loading", ">> Loaded SpellInfo store in %u ms", GetMSTimeDiffToNow(oldMSTime));
 }
-- cgit v1.2.3
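Review bot: The bound check in the added loop covers only `Effect`, and nothing in the hunk records which later lookup depends on it, so a loader that rewrites `Effect` after this point could reintroduce the out-of-bounds read unnoticed. I would add a comment above the loop such as `// Effect is later used as an array index (see ASan report); reset unknown IDs before any other loader runs`, and confirm that nothing between `new SpellInfo(spellEntry)` and this loop already indexes by the raw value. As a style point, binding `SpellInfo* info = mSpellInfoMap[spellIndex];` once would avoid repeating the double subscript on four lines. `(TOTAL_SPELL_EFFECTS - 1)` is passed to `%u`; if that constant is an enumerator the argument is a signed int, so `uint32(TOTAL_SPELL_EFFECTS - 1)` would match the format. The body of LoadSpellInfoStore starts outside the hunk.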