From 08677a3322924f27aec53fdbfc16133760eaad4d Mon Sep 17 00:00:00 2001
From: Ted John <ted@brambles.org>
Date: Thu, 8 Aug 2019 12:55:14 +0100
Subject: [PATCH] Fix #9761: invalid read in ride_measurement_update

---
 src/openrct2/ride/Ride.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/openrct2/ride/Ride.cpp b/src/openrct2/ride/Ride.cpp
index 98bf0fc8aa..2b8e4ed0a6 100644
--- a/src/openrct2/ride/Ride.cpp
+++ b/src/openrct2/ride/Ride.cpp
@@ -2929,11 +2929,16 @@ static void ride_music_update(Ride* ride)
 static void ride_measurement_update(RideMeasurement* measurement)
 {
     auto ride = measurement->ride;
+    if (ride == nullptr || measurement->vehicle_index >= std::size(ride->vehicles))
+        return;
+
     auto spriteIndex = ride->vehicles[measurement->vehicle_index];
     if (spriteIndex == SPRITE_INDEX_NULL)
         return;
 
     auto vehicle = GET_VEHICLE(spriteIndex);
+    if (vehicle == nullptr)
+        return;
 
     if (measurement->flags & RIDE_MEASUREMENT_FLAG_UNLOADING)
     {