From d4370e7c5d7fe6278aaf6e9111c4c14f8457a655 Mon Sep 17 00:00:00 2001
From: Eduardo Bart <edub4rt@gmail.com>
Date: Wed, 24 Oct 2012 18:51:57 -0200
Subject: [PATCH] Fix issue #127

---
 src/otclient/spritemanager.cpp | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/src/otclient/spritemanager.cpp b/src/otclient/spritemanager.cpp
index a3a6184e..6ff08670 100644
--- a/src/otclient/spritemanager.cpp
+++ b/src/otclient/spritemanager.cpp
@@ -102,16 +102,11 @@ ImagePtr SpriteManager::getSpriteImage(int id)
         int read = 0;
 
         // decompress pixels
-        while(read < pixelDataSize) {
+        while(read < pixelDataSize && writePos < SPRITE_DATA_SIZE) {
             uint16 transparentPixels = m_spritesFile->getU16();
             uint16 coloredPixels = m_spritesFile->getU16();
 
-            if(writePos + transparentPixels*4 + coloredPixels*3 >= SPRITE_DATA_SIZE) {
-                g_logger.warning(stdext::format("corrupt sprite id %d", id));
-                return nullptr;
-            }
-
-            for(int i = 0; i < transparentPixels; i++) {
+            for(int i = 0; i < transparentPixels && writePos < SPRITE_DATA_SIZE; i++) {
                 pixels[writePos + 0] = 0x00;
                 pixels[writePos + 1] = 0x00;
                 pixels[writePos + 2] = 0x00;
@@ -119,12 +114,11 @@ ImagePtr SpriteManager::getSpriteImage(int id)
                 writePos += 4;
             }
 
-            for(int i = 0; i < coloredPixels; i++) {
+            for(int i = 0; i < coloredPixels && writePos < SPRITE_DATA_SIZE; i++) {
                 pixels[writePos + 0] = m_spritesFile->getU8();
                 pixels[writePos + 1] = m_spritesFile->getU8();
                 pixels[writePos + 2] = m_spritesFile->getU8();
                 pixels[writePos + 3] = 0xFF;
-
                 writePos += 4;
             }