From 9412c1eb3ae7c9b0b39a81351f3575f79c1b714d Mon Sep 17 00:00:00 2001
From: Jelle Meeus
Date: Fri, 14 Feb 2025 11:31:14 +0100
Subject: [PATCH] fix(Scripts/BlackTemple): Illidan buffer overflow (#21441)
---
 .../scripts/Outland/BlackTemple/boss_illidan.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/server/scripts/Outland/BlackTemple/boss_illidan.cpp b/src/server/scripts/Outland/BlackTemple/boss_illidan.cpp
index 4ab5aaae9b..da92628e0f 100644
--- a/src/server/scripts/Outland/BlackTemple/boss_illidan.cpp
+++ b/src/server/scripts/Outland/BlackTemple/boss_illidan.cpp
@@ -207,7 +207,7 @@ struct boss_illidan_stormrage : public BossAI
 _canTalk = true;
 _dying = false;
 _inCutscene = false;
- beamPosId = urand(0, MAX_EYE_BEAM_POS);
+ beamPosId = urand(0, MAX_EYE_BEAM_POS - 1);
 me->ReplaceAllUnitFlags(UNIT_FLAG_IMMUNE_TO_PC | UNIT_FLAG_IMMUNE_TO_NPC);
 me->SetDisableGravity(false);
 me->SetHover(false);
@@ -696,11 +696,11 @@ private:
 void CycleBeamPos(uint8 &beamPosId)
 {
- uint8 _incumbentBeamPos = urand(0, MAX_EYE_BEAM_POS);
- if (_incumbentBeamPos == beamPosId)
- CycleBeamPos(beamPosId);
- else
- beamPosId = _incumbentBeamPos;
+ uint8 newPos;
+ do {
+ newPos = urand(0, MAX_EYE_BEAM_POS - 1);
+ } while (newPos == beamPosId);
+ beamPosId = newPos;
 }
 };
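Review bot: The corrected bound in `beamPosId = urand(0, MAX_EYE_BEAM_POS - 1);` is right only because urand() includes its upper limit, and nothing at this line records that or ties MAX_EYE_BEAM_POS to the length of the table that beamPosId presumably indexes (the table is not visible here). I would add `// urand() is inclusive on both ends: valid indices are 0 .. MAX_EYE_BEAM_POS - 1` above the assignment, and, if the position table is a fixed-size array, a static_assert beside its definition that its element count equals MAX_EYE_BEAM_POS, so a later edit to either one cannot silently bring the out-of-bounds index back. The same expression is repeated in CycleBeamPos, so a single small helper that returns a random valid index would keep the two call sites from drifting apart. The enclosing function starts and ends outside this hunk.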
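Review bot: The new do/while in CycleBeamPos never terminates if MAX_EYE_BEAM_POS is 1, because urand(0, 0) always equals the current index, and `MAX_EYE_BEAM_POS - 1` would wrap to a huge range if the constant were 0 and unsigned (its definition is not visible in this patch). Assuming it is a compile-time constant, `static_assert(MAX_EYE_BEAM_POS > 1, "need at least two eye beam positions");` next to its definition pins the precondition. The rejection loop can also be dropped altogether: `beamPosId = (beamPosId + urand(1, MAX_EYE_BEAM_POS - 1)) % MAX_EYE_BEAM_POS;` picks uniformly among the other positions in one draw, provided beamPosId is already in range, which the Reset change now guarantees. As a smaller point, the parameter `beamPosId` has the same name as what looks like the member assigned in the first hunk, so renaming the parameter would make it clearer which one is written.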