From ca7bc5da5718e864992f6be0a5c6e9b0e0dfa281 Mon Sep 17 00:00:00 2001
From: Alexander 'z33ky' Hirsch <1zeeky@gmail.com>
Date: Mon, 23 Jun 2025 20:51:23 +0200
Subject: [PATCH] Guard Squirrel constructor_stub() invocations from invalid
 class parameters

This prevents manual invocations of the native class constructor for
non-class values or non-native classes.
---
 sp/src/vscript/vscript_squirrel.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sp/src/vscript/vscript_squirrel.cpp b/sp/src/vscript/vscript_squirrel.cpp
index f2a27755..8acba22f 100644
--- a/sp/src/vscript/vscript_squirrel.cpp
+++ b/sp/src/vscript/vscript_squirrel.cpp
@@ -1548,7 +1548,15 @@ SQInteger destructor_stub_instance(SQUserPointer p, SQInteger size)
 SQInteger constructor_stub(HSQUIRRELVM vm)
 {
 	ScriptClassDesc_t* pClassDesc = nullptr;
-	sq_gettypetag(vm, 1, (SQUserPointer*)&pClassDesc);
+	if (SQ_FAILED(sq_gettypetag(vm, 1, (SQUserPointer*)&pClassDesc)))
+	{
+		return sq_throwerror(vm, "Expected native class");
+	}
+
+	if (!pClassDesc || (void*)pClassDesc == TYPETAG_VECTOR)
+	{
+		return sq_throwerror(vm, "Unable to obtain native class description");
+	}
 
 	if (!pClassDesc->m_pfnConstruct)
 	{