From 8157af6d688f62c9aa0cbc561f84dc15936a8919 Mon Sep 17 00:00:00 2001
From: Charles Pigott
Date: Sun, 21 Feb 2021 17:33:26 +0000
Subject: Fix #8276: Crash when a NewGRF object's size was not set

---
 src/newgrf.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/newgrf.cpp')

diff --git a/src/newgrf.cpp b/src/newgrf.cpp
index b854c2801..660da389c 100644
--- a/src/newgrf.cpp
+++ b/src/newgrf.cpp
@@ -4053,6 +4053,7 @@ static ChangeInfoResult ObjectChangeInfo(uint id, int numinfo, int prop, ByteRea
 if (*ospec == nullptr) {
 *ospec = CallocT(1);
 (*ospec)->views = 1; // Default for NewGRFs that don't set it.
+ (*ospec)->size = 0x11; // Default for NewGRFs that manage to not set it (1x1)
 }
 
 /* Swap classid because we read it in BE. */
@@ -4078,6 +4079,10 @@ static ChangeInfoResult ObjectChangeInfo(uint id, int numinfo, int prop, ByteRea
 
 case 0x0C: // Size
 spec->size = buf->ReadByte();
+ if ((spec->size & 0xF0) == 0 || (spec->size & 0x0F) == 0) {
+ grfmsg(1, "ObjectChangeInfo: Invalid object size requested (%u) for object id %u. Ignoring.", spec->size, id + i);
+ spec->size = 0x11; // 1x1
+ }
 break;
 
 case 0x0D: // Build cost multipler
-- 
cgit v1.2.3-54-g00ecf
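Review bot: The 1x1 default is spelled as the bare literal `0x11` on the added line in this hunk and again as the fallback in the size-property handler in the second hunk, so the two sites can silently drift apart and the nibble encoding (one dimension per 4-bit half, as the `& 0xF0` / `& 0x0F` test in the second hunk shows) is explained only by the trailing `// 1x1` comments. A single named constant used at both sites, e.g. `(*ospec)->size = DEFAULT_OBJECT_SIZE; // 1x1, one dimension per nibble` here and `spec->size = DEFAULT_OBJECT_SIZE;` in the fallback, would make the shared intent explicit. ObjectChangeInfo starts before this hunk and continues after it.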
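Review bot: The diagnostic on the added grfmsg line in the second hunk says the invalid size is being ignored, but the next line replaces it with the 1x1 default rather than leaving the existing value untouched, so the message understates what happens to the file's data; `"ObjectChangeInfo: Invalid object size requested (%u) for object id %u. Using 1x1 instead."` would describe the behaviour. Because the value comes from an untrusted NewGRF, substituting a safe default at parse time is the right place for the check, and testing each nibble independently covers the zero-dimension case that the commit title describes as the crash. `i` and the enclosing switch are not visible in the hunk; this assumes `i` is the per-object loop index of the surrounding ObjectChangeInfo body, which starts and ends outside this hunk.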