From 7c7909fb45684b95ea9ce32ab09eb824ffd28340 Mon Sep 17 00:00:00 2001
From: Matt <m.moninger.h@gmail.com>
Date: Sat, 11 May 2019 20:08:53 +0200
Subject: [PATCH 1/3] Fix #2294: Clients crashing the server with invalid
 object selection

---
 src/openrct2/actions/RideCreateAction.hpp | 36 ++++++++++++-----------
 1 file changed, 19 insertions(+), 17 deletions(-)

diff --git a/src/openrct2/actions/RideCreateAction.hpp b/src/openrct2/actions/RideCreateAction.hpp
index 05b3ee4cd6..8919268d04 100644
--- a/src/openrct2/actions/RideCreateAction.hpp
+++ b/src/openrct2/actions/RideCreateAction.hpp
@@ -30,7 +30,7 @@ class RideCreateGameActionResult final : public GameActionResult
 {
 public:
     RideCreateGameActionResult()
-        : GameActionResult(GA_ERROR::OK, 0)
+        : GameActionResult(GA_ERROR::OK, STR_NONE)
     {
     }
     RideCreateGameActionResult(GA_ERROR error, rct_string_id message)
@@ -44,15 +44,14 @@ public:
 DEFINE_GAME_ACTION(RideCreateAction, GAME_COMMAND_CREATE_RIDE, RideCreateGameActionResult)
 {
 private:
-    int32_t _rideType;
-    int32_t _subType;
-    uint8_t _colour1;
-    uint8_t _colour2;
+    int32_t _rideType{ RIDE_ID_NULL };
+    int32_t _subType{ RIDE_ENTRY_INDEX_NULL };
+    uint8_t _colour1{ 0xFF };
+    uint8_t _colour2{ 0xFF };
 
 public:
-    RideCreateAction()
-    {
-    }
+    RideCreateAction() = default;
+
     RideCreateAction(int32_t rideType, int32_t subType, int32_t colour1, int32_t colour2)
         : _rideType(rideType)
         , _subType(subType)
@@ -79,42 +78,45 @@ public:
         if (rideIndex == RIDE_ID_NULL)
         {
             // No more free slots available.
-            return std::make_unique<RideCreateGameActionResult>(GA_ERROR::NO_FREE_ELEMENTS, STR_TOO_MANY_RIDES);
+            return MakeResult(GA_ERROR::NO_FREE_ELEMENTS, STR_TOO_MANY_RIDES);
         }
 
         if (_rideType >= RIDE_TYPE_COUNT)
         {
-            return std::make_unique<RideCreateGameActionResult>(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
+            return MakeResult(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
         }
 
         int32_t rideEntryIndex = ride_get_entry_index(_rideType, _subType);
         if (rideEntryIndex >= 128)
         {
-            return std::make_unique<RideCreateGameActionResult>(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
+            return MakeResult(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
         }
 
         const track_colour_preset_list* colourPresets = &RideColourPresets[_rideType];
         if (_colour1 >= colourPresets->count)
         {
-            // FIXME: Add new error string.
-            return std::make_unique<RideCreateGameActionResult>(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
+            return MakeResult(GA_ERROR::INVALID_PARAMETERS, STR_NONE);
         }
 
         rct_ride_entry* rideEntry = get_ride_entry(rideEntryIndex);
+        if (rideEntry == nullptr)
+        {
+            return MakeResult(GA_ERROR::INVALID_PARAMETERS, STR_NONE);
+        }
+
         vehicle_colour_preset_list* presetList = rideEntry->vehicle_preset_list;
         if ((presetList->count > 0 && presetList->count != 255) && _colour2 >= presetList->count)
         {
-            // FIXME: Add new error string.
-            return std::make_unique<RideCreateGameActionResult>(GA_ERROR::INVALID_PARAMETERS, STR_INVALID_RIDE_TYPE);
+            return MakeResult(GA_ERROR::INVALID_PARAMETERS, STR_NONE);
         }
 
-        return std::make_unique<RideCreateGameActionResult>();
+        return MakeResult();
     }
 
     GameActionResult::Ptr Execute() const override
     {
         rct_ride_entry* rideEntry;
-        auto res = std::make_unique<RideCreateGameActionResult>();
+        auto res = MakeResult();
 
         int32_t rideEntryIndex = ride_get_entry_index(_rideType, _subType);
         ride_id_t rideIndex = ride_get_empty_slot();

From 46c9b8925951cba998d470eb8cf878d646a06d07 Mon Sep 17 00:00:00 2001
From: Matt <m.moninger.h@gmail.com>
Date: Sat, 11 May 2019 20:16:32 +0200
Subject: [PATCH 2/3] Update changelog.txt

---
 distribution/changelog.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/distribution/changelog.txt b/distribution/changelog.txt
index 45167eac71..73674304cb 100644
--- a/distribution/changelog.txt
+++ b/distribution/changelog.txt
@@ -11,6 +11,7 @@
 - Feature: [#9154] Change map toolbar icon with current viewport rotation.
 - Change: [#7877] Files are now sorted in logical rather than dictionary order.
 - Change: [#8688] Move common actions from debug menu into cheats menu.
+- Fix: [#2294] Clients crashing the server with invalid object selection.
 - Fix: [#5103] OpenGL: ride track preview not rendered.
 - Fix: [#5889] Giant screenshot does not work while using OpenGL renderer.
 - Fix: [#5579] Network desync immediately after connecting.

From 9561567b6c87fbec772766362137670431a75e56 Mon Sep 17 00:00:00 2001
From: Matt <m.moninger.h@gmail.com>
Date: Sat, 11 May 2019 21:38:28 +0200
Subject: [PATCH 3/3] Bump up network version

---
 src/openrct2/network/Network.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/openrct2/network/Network.cpp b/src/openrct2/network/Network.cpp
index 88c9eb6a34..55376637ec 100644
--- a/src/openrct2/network/Network.cpp
+++ b/src/openrct2/network/Network.cpp
@@ -32,7 +32,7 @@
 // This string specifies which version of network stream current build uses.
 // It is used for making sure only compatible builds get connected, even within
 // single OpenRCT2 version.
-#define NETWORK_STREAM_VERSION "25"
+#define NETWORK_STREAM_VERSION "26"
 #define NETWORK_STREAM_ID OPENRCT2_VERSION "-" NETWORK_STREAM_VERSION
 
 static Peep* _pickup_peep = nullptr;