From 45508847e3d755ac3cb1c8efbf08e2915335a061 Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Fri, 31 May 2024 13:44:27 +0200
Subject: [PATCH] Engine: check for bitbuf overflow after reading voice data

---
 r5dev/engine/client/client.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/r5dev/engine/client/client.cpp b/r5dev/engine/client/client.cpp
index e85b9805..4c380ce6 100644
--- a/r5dev/engine/client/client.cpp
+++ b/r5dev/engine/client/client.cpp
@@ -537,6 +537,9 @@ bool CClient::VProcessVoiceData(CClient* pClient, CLC_VoiceData* pMsg)
 char voiceDataBuffer[4096];
 const int bitsRead = pMsg->m_DataIn.ReadBitsClamped(voiceDataBuffer, pMsg->m_nLength);
 
+ if (pMsg->m_DataIn.IsOverflowed())
+ return false;
+
 CClient* const pAdj = AdjustShiftedThisPointer(pClient);
 SV_BroadcastVoiceData(pAdj, Bits2Bytes(bitsRead), voiceDataBuffer);
 #endif // !CLIENT_DLL
@@ -556,6 +559,9 @@ bool CClient::VProcessDurangoVoiceData(CClient* pClient, CLC_DurangoVoiceData* p
 char voiceDataBuffer[4096];
 const int bitsRead = pMsg->m_DataIn.ReadBitsClamped(voiceDataBuffer, pMsg->m_nLength);
 
+ if (pMsg->m_DataIn.IsOverflowed())
+ return false;
+
 CClient* const pAdj = AdjustShiftedThisPointer(pClient);
 SV_BroadcastDurangoVoiceData(pAdj, Bits2Bytes(bitsRead), voiceDataBuffer, pMsg->m_xid, pMsg->m_unknown, pMsg->m_useVoiceStream, pMsg->m_skipXidCheck);
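Review bot: The new `IsOverflowed()` guard in `VProcessVoiceData` still lets a zero or negative `bitsRead` reach `SV_BroadcastVoiceData`, since `pMsg->m_nLength` appears to come straight from the client message and nothing in the hunk range-checks it. The identical guard in the `VProcessDurangoVoiceData` hunk has the same gap. Unless `ReadBitsClamped` (not shown here) already rejects such lengths, widen the test to `if (pMsg->m_DataIn.IsOverflowed() || bitsRead <= 0)` ahead of `return false;`. A short comment such as `// Truncated packet: never relay a partially filled stack buffer to other clients.` would also record why the check sits after the read, given that `voiceDataBuffer` is declared without an initializer. Both function bodies start and end outside their hunks, so an earlier length check may exist that is not visible here.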