From bb2ae29699806e055cf38197d0ba52cd095914b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?=
Date: Mon, 18 Jul 2016 19:11:52 +0200
Subject: [PATCH] Limit valid sprite indices when renaming peeps

---
 src/peep/peep.c | 4 ++++
 src/peep/staff.c | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/peep/peep.c b/src/peep/peep.c
index 04668288a0..b2611441d9 100644
--- a/src/peep/peep.c
+++ b/src/peep/peep.c
@@ -10893,6 +10893,10 @@ money32 set_peep_name(int flags, int state, uint16 sprite_index, uint8* text_1,
 void game_command_set_guest_name(int *eax, int *ebx, int *ecx, int *edx, int *esi, int *edi, int *ebp)
 {
 uint16 sprite_index = *ecx & 0xFFFF;
+ if (sprite_index >= MAX_SPRITES) {
+ *ebx = MONEY32_UNDEFINED;
+ return;
+ }
 rct_peep *peep = GET_PEEP(sprite_index);
 if (peep->type != PEEP_TYPE_GUEST) {
 *ebx = MONEY32_UNDEFINED;
diff --git a/src/peep/staff.c b/src/peep/staff.c
index 4030f1ef90..64dc1ebb27 100644
--- a/src/peep/staff.c
+++ b/src/peep/staff.c
@@ -1236,6 +1236,10 @@ int staff_path_finding(rct_peep* peep) {
 void game_command_set_staff_name(int *eax, int *ebx, int *ecx, int *edx, int *esi, int *edi, int *ebp)
 {
 uint16 sprite_index = *ecx & 0xFFFF;
+ if (sprite_index >= MAX_SPRITES) {
+ *ebx = MONEY32_UNDEFINED;
+ return;
+ }
 rct_peep *peep = GET_PEEP(sprite_index);
 if (peep->type != PEEP_TYPE_STAFF) {
 *ebx = MONEY32_UNDEFINED;
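Review bot: The new bound on `sprite_index` in `game_command_set_guest_name` keeps `GET_PEEP` inside the sprite table, but the next line still reads `peep->type` from whatever sprite occupies that slot, and nothing visible in the hunk confirms the slot holds a peep. If the table is shared with other sprite kinds, as the name `MAX_SPRITES` suggests, `type` would be read through an unrelated layout and could equal `PEEP_TYPE_GUEST` by coincidence, letting the rename proceed on a non-peep sprite. Consider testing the sprite's kind tag first, e.g. `if (peep->sprite_identifier != SPRITE_IDENTIFIER_PEEP || peep->type != PEEP_TYPE_GUEST) {`, assuming the peep struct exposes that tag under this name. The same applies to the `PEEP_TYPE_STAFF` test in the staff.c hunk. Both function bodies continue past the end of their hunks, so a later check may already cover this.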
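Review bot: The four-line guard in `game_command_set_staff_name` is a verbatim copy of the one added to peep.c, so any later change to the valid index range has to be made in two places and can drift. A small shared helper or macro applied before every `GET_PEEP` on a command-supplied index would keep the two in step, and a comment such as `/* sprite_index comes from the command arguments; reject it before indexing the sprite table */` would record why the check exists. Note also that `*ecx & 0xFFFF` already caps the value at 65535, so the check only has an effect if `MAX_SPRITES` is below 65536. The function body continues outside the hunk.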