From 4e93b4125b1aafaa9be39d98d8da785c211677e9 Mon Sep 17 00:00:00 2001
From: Daniel GP <96537843+DaniGP17@users.noreply.github.com>
Date: Tue, 25 Feb 2025 13:52:01 +0100
Subject: [PATCH] fix(gta-core-five): out bound alternate variation cache

Co-Authored-By: slashkeyvalue <59461439+slashkeyvalue@users.noreply.github.com>
---
 .../src/PedAlternateVariationCache.cpp        | 20 +++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/code/components/gta-core-five/src/PedAlternateVariationCache.cpp b/code/components/gta-core-five/src/PedAlternateVariationCache.cpp
index de3bc3612e..ab585c2300 100644
--- a/code/components/gta-core-five/src/PedAlternateVariationCache.cpp
+++ b/code/components/gta-core-five/src/PedAlternateVariationCache.cpp
@@ -92,16 +92,24 @@ static void AddAlternateVariationsCacheEntry(TAlternateVariationsCache* cacheMap
 
 static void LoadAlternateVariationSwitches(TAlternateVariationsSwitchSet* switchSet, atArray<AlternateVariationsSwitchAsset>* outArray)
 {
-	uint16_t index = 0;
+	outArray->m_count = 0;
 
 	for (auto cacheEntry : *switchSet)
 	{
+		// outArray is stored on stack so we want
+		// to prevent atArray->Set from expanding it
+		// and possiblity causing issues
+		if (outArray->m_count >= outArray->GetSize())
+		{
+			trace("Overflowing alternates array max=%i dlcNameHash=%08X\n", outArray->GetSize(), cacheEntry->data.dlcNameHash);
+			continue;
+		}
+		
 		// rough but will work
 		auto switchAsset = *(AlternateVariationsSwitchAsset*)&cacheEntry->data;
-		outArray->Set(index++, std::move(switchAsset));
+		assert(outArray->m_count < outArray->GetSize());
+		outArray->Set(outArray->m_count++, std::move(switchAsset));
 	}
-
-	outArray->m_count = index;
 }
 
 static void ClearAlternateVariationsCache()
@@ -139,8 +147,6 @@ static bool GetAlternateVariationSwitchesByIndex(AlternateVariationsPed* pedEntr
 		return g_origGetAlternateVariationSwitchesByIndex(pedEntry, component, index, dlcNameHash, outArray);
 	}
 
-	outArray->m_count = 0;
-
 	if (auto cachedSwitches = GetAlternateVariationsCacheEntry(&g_cachedAlternatesByIndex, pedEntry->name, dlcNameHash, component, index))
 	{
 		LoadAlternateVariationSwitches(cachedSwitches, outArray);
@@ -158,8 +164,6 @@ static bool GetAlternateVariationSwitchesByAnchor(AlternateVariationsPed* pedEnt
 		return g_origGetAlternateVariationSwitchesByAnchor(pedEntry, component, anchor, dlcNameHash, outArray);
 	}
 
-	outArray->m_count = 0;
-
 	if (auto cachedSwitches = GetAlternateVariationsCacheEntry(&g_cachedAlternatesByAnchor, pedEntry->name, dlcNameHash, component, anchor))
 	{
 		LoadAlternateVariationSwitches(cachedSwitches, outArray);