From b3b2f1d1a78abd92290e5740758be06e95651b42 Mon Sep 17 00:00:00 2001
From: Ted John <ted@brambles.org>
Date: Thu, 29 Sep 2016 17:52:16 +0100
Subject: [PATCH] Fix #3934: Crash upon loading scenario

---
 src/object.h                 |  2 +-
 src/object/ObjectManager.cpp |  2 +-
 src/object_list.c            | 11 ++++++++---
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/object.h b/src/object.h
index a0b6215c40..f00ec217c5 100644
--- a/src/object.h
+++ b/src/object.h
@@ -112,7 +112,7 @@ bool object_load_entries(rct_object_entry* entries);
 int object_load_packed(SDL_RWops* rw);
 bool object_saved_packed(SDL_RWops* rw, const rct_object_entry * entry);
 
-int check_object_entry(const rct_object_entry *entry);
+bool object_entry_is_empty(const rct_object_entry *entry);
 bool object_entry_compare(const rct_object_entry *a, const rct_object_entry *b);
 int object_calculate_checksum(const rct_object_entry * entry, const void * data, size_t dataLength);
 int find_object_in_entry_group(const rct_object_entry* entry, uint8* entry_type, uint8* entry_index);
diff --git a/src/object/ObjectManager.cpp b/src/object/ObjectManager.cpp
index 849f12ceb2..0f083c0d22 100644
--- a/src/object/ObjectManager.cpp
+++ b/src/object/ObjectManager.cpp
@@ -413,7 +413,7 @@ private:
         {
             const rct_object_entry * entry = &entries[i];
             const ObjectRepositoryItem * ori = nullptr;
-            if (check_object_entry(entry))
+            if (!object_entry_is_empty(entry))
             {
                 ori = _objectRepository->FindObject(entry);
                 if (ori == nullptr)
diff --git a/src/object_list.c b/src/object_list.c
index ee5b63c625..3553bce5b6 100644
--- a/src/object_list.c
+++ b/src/object_list.c
@@ -107,10 +107,15 @@ const rct_object_entry_group object_entry_groups[] = {
 	(void**)(gStexEntries				), _objectEntriesStexs,	// scenario text	0x009ADAE4, 0xF4287C
 };
 
-int check_object_entry(const rct_object_entry *entry)
+bool object_entry_is_empty(const rct_object_entry *entry)
 {
-	uint32 *dwords = (uint32*)entry;
-	return (0xFFFFFFFF & dwords[0] & dwords[1] & dwords[2] & dwords[3]) + 1 != 0;
+	uint64 a, b;
+	memcpy(&a, (uint8 *)entry, 8);
+	memcpy(&b, (uint8 *)entry + 4, 8);
+
+	if (a == 0xFFFFFFFFFFFFFFFF && b == 0xFFFFFFFFFFFFFFFF) return true;
+	if (a == 0 && b == 0) return true;
+	return false;
 }
 
 /**