From de9e5f8550ff371cbee673d862648d690617eb6d Mon Sep 17 00:00:00 2001
From: MysterD
Date: Tue, 11 Apr 2023 15:02:51 -0700
Subject: [PATCH] Fixed crash in smlua_set_sync_table_field_from_network()
---
 src/pc/lua/smlua_sync_table.c | 12 +++++++++++-
 src/pc/network/packets/packet_lua_sync_table.c | 2 ++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/pc/lua/smlua_sync_table.c b/src/pc/lua/smlua_sync_table.c
index cd2ae3d4d..570aa448f 100644
--- a/src/pc/lua/smlua_sync_table.c
+++ b/src/pc/lua/smlua_sync_table.c
@@ -271,7 +271,11 @@ static bool smlua_sync_table_send_field(u8 toLocalIndex, int stackIndex, bool al
 // send over the network
 if (!gLuaInitializingScript) {
- network_send_lua_sync_table(toLocalIndex, seq, modRemoteIndex, sUnwoundLntsCount, sUnwoundLnts, &lntValue);
+ if (sUnwoundLntsCount < 2) {
+ LOG_ERROR("Sent sync table field packet with an invalid key count: %u", sUnwoundLntsCount);
+ } else {
+ network_send_lua_sync_table(toLocalIndex, seq, modRemoteIndex, sUnwoundLntsCount, sUnwoundLnts, &lntValue);
+ }
 }
@@ -311,6 +315,12 @@ void smlua_set_sync_table_field_from_network(u64 seq, u16 modRemoteIndex, u16 ln
 return;
 }
+ // sanity check key count
+ if (lntKeyCount < 2) {
+ LOG_ERROR("Received sync table field packet with an invalid key count: %u", lntKeyCount);
+ return;
+ }
+
 lua_getglobal(L, "_G"); // get global table
 lua_getfield(L, LUA_REGISTRYINDEX, mod->relativePath); // get the file's "global" table
 lua_remove(L, -2); // remove global table
diff --git a/src/pc/network/packets/packet_lua_sync_table.c b/src/pc/network/packets/packet_lua_sync_table.c
index fd950129d..fbe4e5a24 100644
--- a/src/pc/network/packets/packet_lua_sync_table.c
+++ b/src/pc/network/packets/packet_lua_sync_table.c
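Review bot: In smlua_sync_table_send_field, the new `sUnwoundLntsCount < 2` branch only logs and then falls through, so the caller cannot tell that the update was never sent. The function returns `bool`, but its return path is outside this hunk; if it still reports success here, the local sync table and the remote peers can diverge silently. Consider failing explicitly with `return false;` after the `LOG_ERROR`, once any Lua stack cleanup that the function's other error paths perform has been done. The literal `2` is repeated in the receive-side check in smlua_set_sync_table_field_from_network, so a shared named constant with a comment on why two keys is the minimum would keep both sides in step.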
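Review bot: The added check in smlua_set_sync_table_field_from_network bounds `lntKeyCount` only from below, and this value arrives in a packet from a remote peer. No upper limit is visible in this hunk; if the keys are held in a fixed-size array, the count needs a matching maximum check before anything indexes by it. Both bounds would be better enforced where the count is first read in network_receive_lua_sync_table, so that a malformed packet is dropped before its keys are parsed, with this check kept as a second line of defence. The function body continues outside the hunk, so the code that consumes `lntKeyCount` below should be confirmed against whatever limit is chosen.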
@@ -36,6 +36,7 @@ void network_send_lua_sync_table(u8 toLocalIndex, u64 seq, u16 modRemoteIndex, u
 //LOG_INFO(" %s", smlua_lnt_to_str(&lntKeys[i]));
 }
 //LOG_INFO(" -> %s", smlua_lnt_to_str(lntValue));
+ //LOG_INFO(" count %u", lntKeyCount);
 if (!packet_write_lnt(&p, lntValue)) { return; }
@@ -66,6 +67,7 @@ void network_receive_lua_sync_table(struct Packet* p) {
 //LOG_INFO(" %s", smlua_lnt_to_str(&lntKeys[i]));
 }
 //LOG_INFO(" -> %s", smlua_lnt_to_str(&lntValue));
+ //LOG_INFO(" count %u", lntKeyCount);
 if (!packet_read_lnt(p, &lntValue)) { goto cleanup; }