From 01a78ca2d1217c065f9bafa2bde82723dae60307 Mon Sep 17 00:00:00 2001
From: Marco Cawthorne <marco@vera-visions.com>
Date: Mon, 9 Sep 2024 00:11:28 -0700
Subject: [PATCH] sv_user.c: check if prydon cursor entnum is in range

---
 engine/server/sv_user.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/engine/server/sv_user.c b/engine/server/sv_user.c
index d89acafa5..2d02014b3 100644
--- a/engine/server/sv_user.c
+++ b/engine/server/sv_user.c
@@ -8051,6 +8051,10 @@ static void SV_ReadPrydonCursor(usercmd_t *cmd)
 	cmd->cursor_impact[2] = MSG_ReadFloat();
 	cmd->cursor_entitynumber = MSGSV_ReadEntity(host_client);
 
+	/* client is sending junk or trying to crash us -eukara */
+	if (cmd->cursor_entitynumber < 0 || cmd->cursor_entitynumber >= sv.world.num_edicts) {
+		cmd->cursor_entitynumber = 0;
+	}
 
 	if (svprogfuncs)
 	{