From a80461da80ed923e3f49f87ff7c8979f64b255ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?=
 <janisozaur@users.noreply.github.com>
Date: Wed, 12 Oct 2016 09:18:41 +0200
Subject: [PATCH] Fix #4553: crash due to accessing invalid sprite

Assertion gets hit when trying to get invalid sprite from
remove_peep_from_queue
---
 src/peep/peep.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/peep/peep.c b/src/peep/peep.c
index 5468214147..c09afd0dc3 100644
--- a/src/peep/peep.c
+++ b/src/peep/peep.c
@@ -2150,13 +2150,14 @@ void remove_peep_from_queue(rct_peep* peep)
 		return;
 	}
 
-	for (rct_peep* other_peep = GET_PEEP(ride->last_peep_in_queue[cur_station]);
-		ride->last_peep_in_queue[cur_station] != 0xFFFF;
-		other_peep = GET_PEEP(other_peep->next_in_queue)){
+	uint16 spriteId = ride->last_peep_in_queue[cur_station];
+	while (spriteId != 0xFFFF) {
+		rct_peep* other_peep = GET_PEEP(spriteId);
 		if (peep->sprite_index == other_peep->next_in_queue){
 			other_peep->next_in_queue = peep->next_in_queue;
 			return;
 		}
+		spriteId = other_peep->next_in_queue;
 	}
 }