From 0414ba7f6bbdfe18163e225a97a4a4d348526e1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Janiszewski?= <janisozaur@gmail.com>
Date: Mon, 17 Apr 2017 11:44:21 +0200
Subject: [PATCH] Verify access to sprites

---
 src/openrct2/drawing/sprite.cpp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/src/openrct2/drawing/sprite.cpp b/src/openrct2/drawing/sprite.cpp
index 91f9e0ba51..881bbc8f05 100644
--- a/src/openrct2/drawing/sprite.cpp
+++ b/src/openrct2/drawing/sprite.cpp
@@ -34,8 +34,8 @@ extern "C"
 extern "C"
 {
     static void *   _g1Buffer = nullptr;
-    static rct_gx   _g2;
-    static rct_gx   _csg;
+    static rct_gx   _g2 = { 0 };
+    static rct_gx   _csg = { 0 };
     static bool     _csgLoaded = false;
 
     #ifdef NO_RCT2
@@ -641,10 +641,20 @@ extern "C"
         }
         if (image_id < SPR_CSG_BEGIN)
         {
-            return &_g2.elements[image_id - SPR_G2_BEGIN];
+            const uint32 idx = image_id - SPR_G2_BEGIN;
+            openrct2_assert(idx < _g2.header.num_entries,
+                            "Invalid entry in g2.dat requested, idx = %u. You may have to update your g2.dat.", idx);
+            return &_g2.elements[idx];
         }
 
-        return &_csg.elements[image_id - SPR_CSG_BEGIN];
+        if (is_csg_loaded())
+        {
+            const uint32 idx = image_id - SPR_CSG_BEGIN;
+            openrct2_assert(idx < _csg.header.num_entries,
+                            "Invalid entry in csg.dat requested, idx = %u.", idx);
+            return &_csg.elements[idx];
+        }
+        return nullptr;
     }
 
     bool is_csg_loaded()