From c260a95abc1b5625fd8e77649f229e2dec397db8 Mon Sep 17 00:00:00 2001
From: Michael Steenbeek <m.o.steenbeek@gmail.com>
Date: Wed, 25 Jan 2023 21:48:37 +0100
Subject: [PATCH] Fix #19245: NPE in UpdateRideApproachExitWaypoints() (#19252)

* Fix #19245: NPE in UpdateRideApproachExitWaypoints()

* Apply suggestions from code review

Co-authored-by: Tulio Leao <tupaschoal@gmail.com>
---
 src/openrct2/entity/Guest.cpp | 24 +++++++++++++++++-------
 1 file changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/openrct2/entity/Guest.cpp b/src/openrct2/entity/Guest.cpp
index 9b2516b607..322e7bd55b 100644
--- a/src/openrct2/entity/Guest.cpp
+++ b/src/openrct2/entity/Guest.cpp
@@ -4515,16 +4515,26 @@ void Guest::UpdateRideApproachExitWaypoints()
             return;
         }
 
-        const auto& rtd = ride->GetRideTypeDescriptor();
-        CoordsXY targetLoc = rtd.GetGuestWaypointLocation(*vehicle, *ride, CurrentRideStation);
-
         RideObjectEntry* rideEntry = vehicle->GetRideEntry();
-        CarEntry* carEntry = &rideEntry->Cars[vehicle->vehicle_type];
+        if (rideEntry == nullptr)
+            return;
 
-        Guard::Assert((Var37 & 3) < 3);
-        targetLoc.x += carEntry->peep_loading_waypoints[Var37 / 4][Var37 & 3].x;
-        targetLoc.y += carEntry->peep_loading_waypoints[Var37 / 4][Var37 & 3].y;
+        if (vehicle->vehicle_type >= std::size(rideEntry->Cars))
+            return;
 
+        const CarEntry& carEntry = rideEntry->Cars[vehicle->vehicle_type];
+
+        const size_t carPosition = Var37 / 4;
+        if (carPosition >= carEntry.peep_loading_waypoints.size())
+            return;
+
+        const auto waypoint = Var37 & 3;
+        Guard::Assert(waypoint < 3);
+
+        const auto& rtd = ride->GetRideTypeDescriptor();
+
+        CoordsXY targetLoc = rtd.GetGuestWaypointLocation(*vehicle, *ride, CurrentRideStation);
+        targetLoc += carEntry.peep_loading_waypoints[carPosition][waypoint];
         SetDestination(targetLoc);
         return;
     }