From b53e1b8eac8912dfaf180d2ff15fa2837f3a5fbd Mon Sep 17 00:00:00 2001
From: mingzi120 <63457837+mingzi120@users.noreply.github.com>
Date: Sun, 19 Apr 2026 06:25:36 +0800
Subject: [PATCH] fix(Core/AI): Prevent uint32 underflow in ScriptedEscortAI
 (#25485)

Co-authored-by: zhangjunming <zhangjunming@DESKTOP-LQP9RI3.local>
---
 src/server/game/AI/ScriptedAI/ScriptedEscortAI.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/server/game/AI/ScriptedAI/ScriptedEscortAI.cpp b/src/server/game/AI/ScriptedAI/ScriptedEscortAI.cpp
index bf156a6e9..ab9d233ca 100644
--- a/src/server/game/AI/ScriptedAI/ScriptedEscortAI.cpp
+++ b/src/server/game/AI/ScriptedAI/ScriptedEscortAI.cpp
@@ -549,8 +549,6 @@ void npc_escortAI::GenerateWaypointArray(Movement::PointsArray* points)
     if (WaypointList.empty())
         return;
 
-    uint32 startingWaypointId = CurrentWP->id;
-
     // Flying unit, just fill array
     if (me->m_movementInfo.HasMovementFlag((MovementFlags)(MOVEMENTFLAG_CAN_FLY | MOVEMENTFLAG_DISABLE_GRAVITY)))
     {
@@ -562,12 +560,13 @@ void npc_escortAI::GenerateWaypointArray(Movement::PointsArray* points)
     }
     else
     {
+        uint32 remainingWaypoints = std::distance(CurrentWP, WaypointList.end());
         for (float size = 1.0f; size; size *= 0.5f)
         {
             std::vector<G3D::Vector3> pVector;
             // xinef: first point in vector is unit real position
             pVector.push_back(G3D::Vector3(me->GetPositionX(), me->GetPositionY(), me->GetPositionZ()));
-            uint32 length = (WaypointList.size() - startingWaypointId) * size;
+            uint32 length = remainingWaypoints * size;
 
             uint32 cnt = 0;
             for (std::list<Escort_Waypoint>::const_iterator itr = CurrentWP; itr != WaypointList.end() && cnt <= length; ++itr, ++cnt)