- Fixed horrible handling of skill_abra_db which leads to memory corruption (depending on the contents of yor abra_db.txt file)

git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@11970 54d463be-8e91-2dee-dedb-b68131a5f0ec

Changelog-Trunk.txt

@@ -3,6 +3,9 @@ Date	Added
 AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO INTO TRUNK.
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
 
+2007/12/23
+	* Fixed horrible handling of skill_abra_db which leads to memory corruption
+	  (depending on the contents of yor abra_db.txt file) [Skotlex]
 2007/12/22
 	* Fixed droprate overflows when going over rate 2000x [ultramage]
 	* Corrected mob spawn utilization of the delay1/delay2 values (one is

src/map/pc.c

@@ -244,7 +244,7 @@ void pc_addfame(struct map_session_data *sd,int count)
 	nullpo_retv(sd);
 	sd->status.fame += count;
 	if(sd->status.fame > MAX_FAME)
-	    sd->status.fame = MAX_FAME;
+		sd->status.fame = MAX_FAME;
 	switch(sd->class_&MAPID_UPPERMASK){
 		case MAPID_BLACKSMITH: // Blacksmith
 			clif_fame_blacksmith(sd,count);

src/map/skill.c

@@ -3023,16 +3023,12 @@ int skill_castend_nodamage_id (struct block_list *src, struct block_list *bl, in
 		{
 			int abra_skillid = 0, abra_skilllv;
 			do {
-				abra_skillid = rand() % MAX_SKILL_ABRA_DB;
-				if (
-//Unneeded check, use the "per" field to know if the skill is valid.
-//					skill_get_inf2(abra_skillid)&(INF2_NPC_SKILL|INF2_SONG_DANCE|INF2_ENSEMBLE_SKILL) || //NPC/Song/Dance skills are out
-					!skill_get_inf(abra_skillid) || //Passive skills cannot be casted
-					skill_abra_db[abra_skillid].req_lv > skilllv || //Required lv for it to appear
-					rand()%10000 >= skill_abra_db[abra_skillid].per
-				)
-					abra_skillid = 0;	// reset to get a new id
-			} while (abra_skillid == 0);
+				i = rand() % MAX_SKILL_ABRA_DB;
+				abra_skillid = skill_abra_db[i].skillid;
+			} while (abra_skillid == 0 ||
+				skill_abra_db[i].req_lv > skilllv || //Required lv for it to appear
+				rand()%10000 >= skill_abra_db[i].per
+			);
 			abra_skilllv = min(skilllv, skill_get_max(abra_skillid));
 			clif_skill_nodamage (src, bl, skillid, skilllv, 1);
 			
@@ -11015,14 +11011,23 @@ static bool skill_parse_row_createarrowdb(char* split[], int columns, int curren
 static bool skill_parse_row_abradb(char* split[], int columns, int current)
 {// SkillID,DummyName,RequiredHocusPocusLevel,Rate
 	int i = atoi(split[0]);
-	i = skill_get_index(i);
-	if( !i )
+	if( !skill_get_index(i) || !skill_get_max(i) )
+	{
+		ShowError("abra_db: Invalid skill ID %d\n", i);
 		return false;
+	}
+	if ( !skill_get_inf(i) )
+	{
+		ShowError("abra_db: Passive skills cannot be casted (%d/%s)\n", i, skill_get_name(i));
+		return false;
+	}
+
 	if( current == MAX_SKILL_ABRA_DB )
 		return false;
-
-	skill_abra_db[i].req_lv = atoi(split[2]);
-	skill_abra_db[i].per = atoi(split[3]);
+	
+	skill_abra_db[current].skillid = i;
+	skill_abra_db[current].req_lv = atoi(split[2]);
+	skill_abra_db[current].per = atoi(split[3]);
 
 	//TODO?: add capacity warning here
 

src/map/skill.h

@@ -130,7 +130,7 @@ extern struct s_skill_arrow_db skill_arrow_db[MAX_SKILL_ARROW_DB];
 
 // アブラカダブラデ?タベ?ス
 struct s_skill_abra_db {
-	int nameid;
+	int skillid;
 	int req_lv;
 	int per;
 };

src/map/status.c

@@ -6622,7 +6622,6 @@ int kaahi_heal_timer(int tid, unsigned int tick, int id, int data)
 	struct status_data *status;
 	int hp;
 
-	;
 	if(!((bl=map_id2bl(id))&&
 		(sc=status_get_sc(bl)) &&
 		(sce = sc->data[SC_KAAHI])))