From db371a391135d0e7a93b6fec29aa5deeb47afa7e Mon Sep 17 00:00:00 2001
From: Mr-X-GTA <110748953+Mr-X-GTA@users.noreply.github.com>
Date: Mon, 13 May 2024 00:45:57 +0200
Subject: [PATCH] fix(script_event_handler): fix crash (#3105)
---
 src/hooks/protections/received_event.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/src/hooks/protections/received_event.cpp b/src/hooks/protections/received_event.cpp
index 679942ba..aae1c867 100644
--- a/src/hooks/protections/received_event.cpp
+++ b/src/hooks/protections/received_event.cpp
@@ -453,18 +453,24 @@ namespace big
 case eNetworkEvents::SCRIPTED_GAME_EVENT:
 {
 const auto scripted_game_event = std::make_unique();
+ buffer->ReadDword(&scripted_game_event->m_args_size, 32);
- if (scripted_game_event->m_args_size - 1 <= 0x1AF)
- buffer->ReadArray(&scripted_game_event->m_args, 8 * scripted_game_event->m_args_size);
+ if (scripted_game_event->m_args_size > sizeof(scripted_game_event->m_args))
+ {
+ notify::crash_blocked(source_player, "out of bounds tse args size");
+ g_pointers->m_gta.m_send_event_ack(event_manager, source_player, target_player, event_index, event_handled_bitset);
+ return;
+ }
+
+ buffer->ReadArray(&scripted_game_event->m_args, 8 * scripted_game_event->m_args_size);
 if (hooks::scripted_game_event(scripted_game_event.get(), source_player))
 {
 g_pointers->m_gta.m_send_event_ack(event_manager, source_player, target_player, event_index, event_handled_bitset);
- return;
 }
- buffer->Seek(0);
+ buffer->Seek(0);
 break;
 }
 case eNetworkEvents::NETWORK_CLEAR_PED_TASKS_EVENT:
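Review bot: The new guard `m_args_size > sizeof(scripted_game_event->m_args)` compares a value read from the sender's buffer against a byte count, so it bounds the following `ReadArray` only if `m_args_size` is itself a byte length. The `8 * m_args_size` argument suggests a bytes-to-bits conversion, but the struct is not visible in this hunk, so I would state the unit next to the check, e.g. `// m_args_size is a byte length; ReadArray takes a bit count, hence 8 *`. If the field is unsigned, the removed test `m_args_size - 1 <= 0x1AF` also skipped the read for a size of 0, whereas the new code calls `ReadArray` with a length of 0. Please confirm a zero-length read is a no-op, or keep the lower bound with `if (scripted_game_event->m_args_size != 0)` around the read. The rejection path returns without `buffer->Seek(0)`, matching the existing handled path; the enclosing function starts and ends outside the hunk.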