From cd61bb276cccb567d0ff777742e17b9977e5399b Mon Sep 17 00:00:00 2001
From: hzqst <113660872@qq.com>
Date: Tue, 14 May 2024 18:55:40 +0800
Subject: [PATCH] Fix a potential buffer overflow in
 CPhysicsManager::GenerateIndexedArrayForBrush which may cause random crash.

---
 Plugins/BulletPhysics/physics.cpp | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/Plugins/BulletPhysics/physics.cpp b/Plugins/BulletPhysics/physics.cpp
index 66570620..9b46142e 100644
--- a/Plugins/BulletPhysics/physics.cpp
+++ b/Plugins/BulletPhysics/physics.cpp
@@ -366,16 +366,7 @@ void CPhysicsManager::GenerateIndexedArrayForBrush(model_t *mod, vertexarray_t *
 	{
 		for (int i = 0; i < mod->nummodelsurfaces; i++)
 		{
-			msurface_t* surf;
-
-			if (g_iEngineType == ENGINE_GOLDSRC_HL25)
-			{
-				surf = (((msurface_hl25_t*)mod->surfaces) + mod->firstmodelsurface + i);
-			}
-			else
-			{
-				surf = mod->surfaces + mod->firstmodelsurface + i;
-			}
+			auto surf = GetWorldSurfaceByIndex(mod->firstmodelsurface + i);
 
 			GenerateIndexedArrayForSurface(surf, vertexarray, indexarray);
 		}