From 41b1543176e758e58365b5cac50d302dc32bddab Mon Sep 17 00:00:00 2001
From: "seer-by-sentry[bot]"
 <157164994+seer-by-sentry[bot]@users.noreply.github.com>
Date: Fri, 6 Mar 2026 11:27:03 +0000
Subject: [PATCH] Fix: Prevent null dereference on failed dynamic vertex buffer
 allocation

---
 .../Source/WWVegas/WW3D2/dx8vertexbuffer.cpp      | 15 +++++++++++++++
 .../Source/WWVegas/WW3D2/dx8vertexbuffer.cpp      | 15 +++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/Generals/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp b/Generals/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
index 37ee893a97f..e97e19a851c 100644
--- a/Generals/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
+++ b/Generals/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
@@ -781,6 +781,11 @@ void DynamicVBAccessClass::Allocate_DX8_Dynamic_Buffer()
 			_DynamicDX8VertexBufferSize,
 			(DX8VertexBufferClass::UsageType)usage));
 		_DynamicDX8VertexBufferOffset=0;
+
+		// If allocation failed, leave VertexBuffer as nullptr and return early
+		if (!_DynamicDX8VertexBuffer) {
+			return;
+		}
 	}
 
 	// Any room at the end of the buffer?
@@ -839,6 +844,12 @@ DynamicVBAccessClass::WriteLockClass::WriteLockClass(DynamicVBAccessClass* dynam
 		WWASSERT(_DynamicDX8VertexBuffer);
 //		WWASSERT(!_DynamicDX8VertexBuffer->Engine_Refs());
 
+		// Guard against a failed vertex buffer allocation
+		if (!DynamicVBAccess->VertexBuffer) {
+			Vertices=nullptr;
+			break;
+		}
+
 		DX8_Assert();
 		// Lock with discard contents if the buffer offset is zero
 		DX8_ErrorCode(static_cast<DX8VertexBufferClass*>(DynamicVBAccess->VertexBuffer)->Get_DX8_Vertex_Buffer()->Lock(
@@ -870,6 +881,10 @@ DynamicVBAccessClass::WriteLockClass::~WriteLockClass()
 		WWASSERT(!dx8_lock);
 		WWDEBUG_SAY(("DynamicVertexBuffer->Unlock()"));
 #endif
+		// Guard against a failed vertex buffer allocation
+		if (!DynamicVBAccess->VertexBuffer) {
+			break;
+		}
 		DX8_Assert();
 		DX8_ErrorCode(static_cast<DX8VertexBufferClass*>(DynamicVBAccess->VertexBuffer)->Get_DX8_Vertex_Buffer()->Unlock());
 		break;
diff --git a/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp b/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
index 8c61f2222c5..5b47f81c194 100644
--- a/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
+++ b/GeneralsMD/Code/Libraries/Source/WWVegas/WW3D2/dx8vertexbuffer.cpp
@@ -792,6 +792,11 @@ void DynamicVBAccessClass::Allocate_DX8_Dynamic_Buffer()
 			_DynamicDX8VertexBufferSize,
 			(DX8VertexBufferClass::UsageType)usage));
 		_DynamicDX8VertexBufferOffset=0;
+
+		// If allocation failed, leave VertexBuffer as nullptr and return early
+		if (!_DynamicDX8VertexBuffer) {
+			return;
+		}
 	}
 
 	// Any room at the end of the buffer?
@@ -852,6 +857,12 @@ DynamicVBAccessClass::WriteLockClass::WriteLockClass(DynamicVBAccessClass* dynam
 		WWASSERT(_DynamicDX8VertexBuffer);
 //		WWASSERT(!_DynamicDX8VertexBuffer->Engine_Refs());
 
+		// Guard against a failed vertex buffer allocation
+		if (!DynamicVBAccess->VertexBuffer) {
+			Vertices=nullptr;
+			break;
+		}
+
 		DX8_Assert();
 		// Lock with discard contents if the buffer offset is zero
 		DX8_ErrorCode(static_cast<DX8VertexBufferClass*>(DynamicVBAccess->VertexBuffer)->Get_DX8_Vertex_Buffer()->Lock(
@@ -884,6 +895,10 @@ DynamicVBAccessClass::WriteLockClass::~WriteLockClass()
 		WWDEBUG_SAY(("DynamicVertexBuffer->Unlock()"));
 */
 #endif
+		// Guard against a failed vertex buffer allocation
+		if (!DynamicVBAccess->VertexBuffer) {
+			break;
+		}
 		DX8_Assert();
 		DX8_ErrorCode(static_cast<DX8VertexBufferClass*>(DynamicVBAccess->VertexBuffer)->Get_DX8_Vertex_Buffer()->Unlock());
 		break;