Fix: Corrupted savegame could crash the game by providing invalid gamelog enums. (#9045)

1 files changed, 9 insertions, 6 deletions

diff --git a/src/saveload/gamelog_sl.cpp b/src/saveload/gamelog_sl.cpp
index 6bff1b154..d68297c9a 100644
--- a/src/saveload/gamelog_sl.cpp
+++ b/src/saveload/gamelog_sl.cpp
@@ -107,8 +107,11 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
 	assert(gamelog_action == nullptr);
 	assert(gamelog_actions == 0);
 
-	GamelogActionType at;
-	while ((at = (GamelogActionType)SlReadByte()) != GLAT_NONE) {
+	byte type;
+	while ((type = SlReadByte()) != GLAT_NONE) {
+		if (type >= GLAT_END) SlErrorCorrupt("Invalid gamelog action type");
+		GamelogActionType at = (GamelogActionType)type;
+
 		gamelog_action = ReallocT(gamelog_action, gamelog_actions + 1);
 		LoggedAction *la = &gamelog_action[gamelog_actions++];
 
@@ -118,8 +121,10 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
 		la->change = nullptr;
 		la->changes = 0;
 
-		GamelogChangeType ct;
-		while ((ct = (GamelogChangeType)SlReadByte()) != GLCT_NONE) {
+		while ((type = SlReadByte()) != GLCT_NONE) {
+			if (type >= GLCT_END) SlErrorCorrupt("Invalid gamelog change type");
+			GamelogChangeType ct = (GamelogChangeType)type;
+
 			la->change = ReallocT(la->change, la->changes + 1);
 
 			LoggedChange *lc = &la->change[la->changes++];
@@ -127,8 +132,6 @@ static void Load_GLOG_common(LoggedAction *&gamelog_action, uint &gamelog_action
 			memset(lc, 0, sizeof(*lc));
 			lc->ct = ct;
 
-			assert((uint)ct < GLCT_END);
-
 			SlObject(lc, _glog_desc[ct]);
 		}
 	}