From d0057922dd329d24d06914a11501a3e201b40638 Mon Sep 17 00:00:00 2001
From: Gunter Labes <soliton@wesnoth.org>
Date: Mon, 26 Oct 2020 20:17:22 +0100
Subject: [PATCH] Prevent out-of-range access

---
 src/server/wesnothd/server.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/server/wesnothd/server.cpp b/src/server/wesnothd/server.cpp
index 218e05bf9be6..11f001ce005f 100644
--- a/src/server/wesnothd/server.cpp
+++ b/src/server/wesnothd/server.cpp
@@ -358,7 +358,7 @@ void server::handle_read_from_fifo(const boost::system::error_code& error, std::
 	const std::string res = process_command(cmd, "*socket*");
 
 	// Only mark the response if we fake the issuer (i.e. command comes from IRC or so)
-	if(cmd.at(0) == '+') {
+	if(!cmd.empty() && cmd.at(0) == '+') {
 		LOG_SERVER << "[admin_command_response]\n"
 				   << res << "\n"
 				   << "[/admin_command_response]\n";
@@ -1955,7 +1955,7 @@ std::string server::process_command(std::string query, std::string issuer_name)
 {
 	boost::trim(query);
 
-	if(issuer_name == "*socket*" && query.at(0) == '+') {
+	if(issuer_name == "*socket*" && !query.empty() && query.at(0) == '+') {
 		// The first argument might be "+<issuer>: ".
 		// In that case we use +<issuer>+ as the issuer_name.
 		// (Mostly used for communication with IRC.)