From 09f3b8f4857f65c8f434df86333e38f940ce77aa Mon Sep 17 00:00:00 2001
From: Andrew Meadows <andrew@highfidelity.io>
Date: Sat, 8 Dec 2018 10:36:35 -0800
Subject: [PATCH] add bit of sanity checking for incomming AvatarEntities data

---
 .../avatars-renderer/src/avatars-renderer/Avatar.cpp     | 9 +++++++++
 libraries/entities/src/EntityTypes.cpp                   | 4 ++++
 libraries/entities/src/EntityTypes.h                     | 1 +
 3 files changed, 14 insertions(+)

diff --git a/libraries/avatars-renderer/src/avatars-renderer/Avatar.cpp b/libraries/avatars-renderer/src/avatars-renderer/Avatar.cpp
index 0555f60742..f583b41172 100644
--- a/libraries/avatars-renderer/src/avatars-renderer/Avatar.cpp
+++ b/libraries/avatars-renderer/src/avatars-renderer/Avatar.cpp
@@ -367,6 +367,15 @@ void Avatar::updateAvatarEntities() {
                     // TODO? put a maximum number of tries on this?
                 }
             } else {
+                // sanity check data
+                QUuid id;
+                EntityTypes::EntityType type;
+                EntityTypes::extractEntityTypeAndID((unsigned char*)(data.data()), data.size(), type, id);
+                if (id != entityID || !EntityTypes::typeIsValid(type)) {
+                    // skip for corrupt
+                    ++dataItr;
+                    continue;
+                }
                 // remember this hash for the future
                 stateItr = _avatarEntityDataHashes.insert(entityID, AvatarEntityDataHash(newHash));
             }
diff --git a/libraries/entities/src/EntityTypes.cpp b/libraries/entities/src/EntityTypes.cpp
index 1544adca94..6f05237b1e 100644
--- a/libraries/entities/src/EntityTypes.cpp
+++ b/libraries/entities/src/EntityTypes.cpp
@@ -58,6 +58,10 @@ REGISTER_ENTITY_TYPE(Light)
 REGISTER_ENTITY_TYPE(Zone)
 REGISTER_ENTITY_TYPE(Material)
 
+bool EntityTypes::typeIsValid(EntityType type) {
+    return type > EntityType::Unknown && type <= EntityType::LAST;
+}
+
 const QString& EntityTypes::getEntityTypeName(EntityType entityType) {
     QMap<EntityType, QString>::iterator matchedTypeName = _typeToNameMap.find(entityType);
     if (matchedTypeName != _typeToNameMap.end()) {
diff --git a/libraries/entities/src/EntityTypes.h b/libraries/entities/src/EntityTypes.h
index dfb7779154..9f4ba36df1 100644
--- a/libraries/entities/src/EntityTypes.h
+++ b/libraries/entities/src/EntityTypes.h
@@ -109,6 +109,7 @@ public:
         NUM_TYPES
     } EntityType;
 
+    static bool typeIsValid(EntityType type);
     static const QString& getEntityTypeName(EntityType entityType);
     static EntityTypes::EntityType getEntityTypeFromName(const QString& name);
     static bool registerEntityType(EntityType entityType, const char* name, EntityTypeFactory factoryMethod);