From 3e67c82a229dd9f1490d3ad4347d968e4b351b52 Mon Sep 17 00:00:00 2001
From: Mario Zechner
Date: Sat, 26 Jul 2025 02:17:18 +0200
Subject: [PATCH] [cpp] Fix UB in attachment timeline binary parsing
---
 spine-cpp/src/spine/SkeletonBinary.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/spine-cpp/src/spine/SkeletonBinary.cpp b/spine-cpp/src/spine/SkeletonBinary.cpp
index 1b3f6007a..85d007273 100644
--- a/spine-cpp/src/spine/SkeletonBinary.cpp
+++ b/spine-cpp/src/spine/SkeletonBinary.cpp
@@ -805,7 +805,11 @@ Animation *SkeletonBinary::readAnimation(DataInput &input, const String &name, S
 switch (timelineType) {
 case SLOT_ATTACHMENT: {
 AttachmentTimeline *timeline = new (__FILE__, __LINE__) AttachmentTimeline(frameCount, slotIndex);
- for (int frame = 0; frame < frameCount; ++frame) timeline->setFrame(frame, input.readFloat(), input.readStringRef());
+ for (int frame = 0; frame < frameCount; ++frame) {
+ float time = input.readFloat();
+ char *attachmentName = input.readStringRef();
+ timeline->setFrame(frame, time, attachmentName);
+ }
 timelines.add(timeline);
 break;
 }
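Review bot: The new loop body in the SLOT_ATTACHMENT case has no comment saying why the two reads are held in locals, so a later cleanup could fold them back into the `setFrame` call and reintroduce the bug. I would add `// Read into locals: argument evaluation order is unspecified and both calls advance the input stream.` above `float time = input.readFloat();`. Because both calls consume bytes from the same `DataInput`, the old one-liner could read the name before the time depending on the compiler, which desynchronises the parser from the file layout. Any other timeline case in `readAnimation` that passes two `input.read*()` calls in one argument list would presumably have the same problem and is worth auditing; the function begins and ends outside this hunk, so that cannot be confirmed from here.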