From 8c670fa40febdc22b1ad0c94b139b8a378845a8c Mon Sep 17 00:00:00 2001
From: s1lentq <s1lentsk@yandex.ru>
Date: Tue, 4 Jul 2023 01:48:13 +0700
Subject: [PATCH] GetBonePosition/GetAttachment: Added index bounds check

---
 reapi/src/natives/natives_common.cpp |  6 ++---
 reapi/src/reapi_utils.cpp            | 36 +++++++++++++++++++++-------
 reapi/src/reapi_utils.h              |  4 ++--
 3 files changed, 32 insertions(+), 14 deletions(-)

diff --git a/reapi/src/natives/natives_common.cpp b/reapi/src/natives/natives_common.cpp
index 6315653..8b2b850 100644
--- a/reapi/src/natives/natives_common.cpp
+++ b/reapi/src/natives/natives_common.cpp
@@ -236,7 +236,7 @@ cell AMX_NATIVE_CALL amx_GetBonePosition(AMX *amx, cell *params)
 */
 cell AMX_NATIVE_CALL amx_GetAttachment(AMX *amx, cell *params)
 {
-	enum args_e { arg_count, arg_index, arg_bone, arg_attachment, arg_angles };
+	enum args_e { arg_count, arg_index, arg_attachment, arg_origin, arg_angles };
 
 	CHECK_ISENTITY(arg_index);
 
@@ -251,9 +251,9 @@ cell AMX_NATIVE_CALL amx_GetAttachment(AMX *amx, cell *params)
 		return FALSE;
 	}
 
-	Vector *pVecOrigin = (Vector *)getAmxAddr(amx, params[arg_attachment]);
+	Vector *pVecOrigin = (Vector *)getAmxAddr(amx, params[arg_origin]);
 	Vector *pVecAngles = (PARAMS_COUNT == 4) ? (Vector *)getAmxAddr(amx, params[arg_angles]) : nullptr;
-	GetAttachment(pEntity, params[arg_bone], pVecOrigin, pVecAngles);
+	GetAttachment(pEntity, params[arg_attachment], pVecOrigin, pVecAngles);
 	return TRUE;
 }
 
diff --git a/reapi/src/reapi_utils.cpp b/reapi/src/reapi_utils.cpp
index 2d30416..47394aa 100644
--- a/reapi/src/reapi_utils.cpp
+++ b/reapi/src/reapi_utils.cpp
@@ -97,7 +97,7 @@ CBaseEntity *GiveNamedItemInternal(AMX *amx, CBasePlayer *pPlayer, const char *p
 	return pEntity;
 }
 
-void StudioFrameAdvanceEnt(edict_t *pEdict)
+void StudioFrameAdvanceEnt(studiohdr_t *pstudiohdr, edict_t *pEdict)
 {
 	float flInterval = gpGlobals->time - pEdict->v.animtime;
 	if (flInterval <= 0.001f) {
@@ -109,10 +109,8 @@ void StudioFrameAdvanceEnt(edict_t *pEdict)
 		flInterval = 0.0f;
 	}
 
-	studiohdr_t *pstudiohdr = static_cast<studiohdr_t *>(GET_MODEL_PTR(pEdict));
-	if (!pstudiohdr) {
+	if (!pstudiohdr)
 		return;
-	}
 
 	if (pEdict->v.sequence >= pstudiohdr->numseq || pEdict->v.sequence < 0) {
 		return;
@@ -160,8 +158,18 @@ void GetBonePosition(CBaseEntity *pEntity, int iBone, Vector *pVecOrigin, Vector
 	Vector vecOrigin, vecAngles;
 	edict_t *pEdict = pEntity->edict();
 
+	if (pVecOrigin) *pVecOrigin = Vector(0, 0, 0);
+	if (pVecAngles) *pVecAngles = Vector(0, 0, 0);
+
+	studiohdr_t *pstudiohdr = static_cast<studiohdr_t *>(GET_MODEL_PTR(pEdict));
+	if (!pstudiohdr)
+		return;
+
+	if (iBone < 0 || iBone >= pstudiohdr->numbones)
+		return; // invalid bone
+
 	// force to update frame
-	StudioFrameAdvanceEnt(pEdict);
+	StudioFrameAdvanceEnt(pstudiohdr, pEdict);
 
 	pEntity->pev->angles.x = -pEntity->pev->angles.x;
 	GET_BONE_POSITION(pEdict, iBone, vecOrigin, vecAngles);
@@ -180,15 +188,25 @@ void GetBonePosition(CBaseEntity *pEntity, int iBone, Vector *pVecOrigin, Vector
 	}
 }
 
-void GetAttachment(CBaseEntity *pEntity, int iBone, Vector *pVecOrigin, Vector *pVecAngles)
+void GetAttachment(CBaseEntity *pEntity, int iAttachment, Vector *pVecOrigin, Vector *pVecAngles)
 {
 	Vector vecOrigin, vecAngles;
 	edict_t *pEdict = pEntity->edict();
 
-	// force to update frame
-	StudioFrameAdvanceEnt(pEdict);
+	if (pVecOrigin) *pVecOrigin = Vector(0, 0, 0);
+	if (pVecAngles) *pVecAngles = Vector(0, 0, 0);
 
-	GET_ATTACHMENT(pEdict, iBone, vecOrigin, vecAngles);
+	studiohdr_t *pstudiohdr = static_cast<studiohdr_t *>(GET_MODEL_PTR(pEdict));
+	if (!pstudiohdr)
+		return;
+
+	if (iAttachment < 0 || iAttachment >= pstudiohdr->numattachments)
+		return; // invalid attachment
+
+	// force to update frame
+	StudioFrameAdvanceEnt(pstudiohdr, pEdict);
+
+	GET_ATTACHMENT(pEdict, iAttachment, vecOrigin, vecAngles);
 
 	if (!pEntity->IsPlayer()) {
 		FixupAngles(pEdict, vecOrigin);
diff --git a/reapi/src/reapi_utils.h b/reapi/src/reapi_utils.h
index 994864c..7f26145 100644
--- a/reapi/src/reapi_utils.h
+++ b/reapi/src/reapi_utils.h
@@ -53,8 +53,8 @@ ModelName GetModelAuto(TeamName team);
 void UTIL_ServerPrint(const char *fmt, ...);
 CBaseEntity *GiveNamedItemInternal(AMX *amx, CBasePlayer *pPlayer, const char *pszItemName, const size_t uid = 0);
 
-void GetBonePosition(CBaseEntity *pEntity, int iBone, Vector *vecOrigin, Vector *vecAngles);
-void GetAttachment(CBaseEntity *pEntity, int iBone, Vector *pVecOrigin, Vector *pVecAngles);
+void GetBonePosition(CBaseEntity *pEntity, int iBone, Vector *pVecOrigin, Vector *pVecAngles);
+void GetAttachment(CBaseEntity *pEntity, int iAttachment, Vector *pVecOrigin, Vector *pVecAngles);
 void RemoveOrDropItem(CBasePlayer *pPlayer, CBasePlayerItem *pItem, GiveType type);
 
 const char *getATypeStr(AType type);