[Issue Report]: Out-of-bounds class index in CalcPlrDamageMod() when loading unvalidated save #8545

@ACavalletto

Description

Operating System

Linux x86

DevilutionX version

1.5.5

Describe

The player class value loaded from save data is used directly in CalcPlrDamageMod() (Source/items.cpp) without any bounds validation. A malformed or malicious save file can supply an out-of-range class index, causing the code to read outside the class-data tables. This can result in undefined behavior, a crash (segfault), or incorrect damage calculations depending on what memory is read.

To Reproduce

  1. Craft or modify a save file so the player class byte holds an invalid value (e.g., a value ≥ the number of defined classes).
  2. Load the save file in DevilutionX.
  3. Enter combat or any situation that triggers CalcPlrDamageMod().
  4. Observe crash or incorrect behavior.

Expected Behavior

The game should validate the player class value when loading save data. If the value is outside the valid range, it should fall back to a safe default class rather than using the raw invalid index.

Additional context

  • Vulnerable function: CalcPlrDamageMod() in Source/items.cpp
  • The root cause is a missing bounds check on the class index after it is deserialized from save data. Any code path that reads class-indexed tables using this value is potentially affected.
  • Suggested fix: add a validation step after loading the class field, clamping or defaulting to a known good value if out of range.
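The validation the report asks for, written out as an added example. This is not DevilutionX code: the enum, the damage table values and the six-byte save header are all constructed here for illustration, and the real save format and class list are assumed to differ. The point it demonstrates is the shape of the fix: turn the raw byte into an enum only through a checked conversion, size the class-indexed table from the enum's count so the two cannot drift apart, and have the loader fall back to a known-good class (and record that it did) instead of ever indexing with an unvalidated value.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <vector>

// Hypothetical class enum. The Count sentinel is the single source of truth
// for every bounds check and every class-indexed table below.
enum class HeroClass : uint8_t { Warrior = 0, Rogue, Sorcerer, Monk, Bard, Barbarian, Count };
constexpr size_t kNumClasses = static_cast<size_t>(HeroClass::Count);

// Constructed per-class damage modifier table (illustrative values, not the game's).
// Sizing it from kNumClasses means an in-range HeroClass can never index past the end.
constexpr std::array<int, kNumClasses> kDamageModPerLevel = {2, 1, 1, 3, 1, 2};

// Checked conversion from a raw save byte to the enum. Anything >= Count is rejected
// rather than cast, which is the bounds check the report says is missing.
std::optional<HeroClass> ParseHeroClass(uint8_t raw)
{
    if (raw >= kNumClasses)
        return std::nullopt;
    return static_cast<HeroClass>(raw);
}

// The "default to a known good value" variant from the suggested fix.
HeroClass LoadHeroClassOrDefault(uint8_t raw, HeroClass fallback = HeroClass::Warrior)
{
    return ParseHeroClass(raw).value_or(fallback);
}

// Damage modifier lookup. Because the parameter is the enum rather than a raw integer,
// the only way to reach this table is through ParseHeroClass or a literal enumerator.
int CalcDamageMod(HeroClass cls, int level)
{
    return kDamageModPerLevel[static_cast<size_t>(cls)] * level;
}

// Minimal hypothetical save header (constructed for this example):
//   bytes 0-3: magic "SAVE", byte 4: class, byte 5: level
struct SaveHeader {
    HeroClass cls;
    int level;
    bool classWasInvalid; // set when the save carried an out-of-range class and we fell back
};

std::optional<SaveHeader> ParseSaveHeader(const std::vector<uint8_t> &buf)
{
    constexpr size_t kHeaderSize = 6;
    // Length check first: a truncated file must not be read past its end either.
    if (buf.size() < kHeaderSize || std::memcmp(buf.data(), "SAVE", 4) != 0)
        return std::nullopt;
    SaveHeader h{};
    std::optional<HeroClass> cls = ParseHeroClass(buf[4]);
    h.classWasInvalid = !cls.has_value();
    h.cls = cls.value_or(HeroClass::Warrior);
    h.level = buf[5];
    return h;
}

int main()
{
    // Constructed malformed save: class byte 0xFF, far beyond the six defined classes.
    const std::vector<uint8_t> malformed = {'S', 'A', 'V', 'E', 0xFF, 10};
    std::optional<SaveHeader> h = ParseSaveHeader(malformed);
    if (!h) {
        std::puts("rejected: bad header");
        return 1;
    }
    std::printf("class=%u invalid=%d dmgmod=%d\n",
                static_cast<unsigned>(h->cls), h->classWasInvalid ? 1 : 0,
                CalcDamageMod(h->cls, h->level));
    return 0;
}
```

Whether to clamp, default, or refuse to load is a policy choice; the example defaults and flags the fallback so the caller can warn the user that the save was repaired rather than silently continuing.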

Metadata

Assignees

No one assigned

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests