Mirroristas/rathena
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added protection from segfault by int overflow in charcommand heal and fixed a typo in atcommand heal. (Follow-up to r13321)

Browse Source 
git-svn-id: https://svn.code.sf.net/p/rathena/svn/trunk@13322 54d463be-8e91-2dee-dedb-b68131a5f0ec
This commit is contained in:
Paradox924X 2008-10-24 21:32:59 +00:00
parent 53264778f7
commit 58a0da9e75
3 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog-Trunk.txt
View File

@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2008/10/24
* Added protection from segfault by int overflow in charcommand heal and fixed a typo in atcommand heal. (Follow-up to r13321) [Paradox924X]
* Added protection from segfault by int overflow in atcommand heal. (bugreport:1886) [Paradox924X]
* Commented out unused function clif_marriage_process. [Paradox924X]
2008/10/21

2
src/map/atcommand.c
View File

@ -1515,7 +1515,7 @@ int atcommand_heal(const int fd, struct map_session_data* sd, const char* comman
if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
status_damage(NULL, &sd->bl, 2147483647, 2147483647, 0, 0);
clif_damage(&sd->bl,&sd->bl, gettick(), 0, 0, -hp, 0 , 4, 0);
clif_damage(&sd->bl,&sd->bl, gettick(), 0, 0, 2147483647, 0 , 4, 0);
clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
return 0;
}

10
src/map/charcommand.c
View File

@ -1794,7 +1794,8 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
return -1;
}
if (hp == 0 && sp == 0) {
if ( ( hp == 0 && sp == 0 )
|| ( hp > 2147483647 || sp > 2147483647 ) ) { // Prevent overflow. [Paradox924X]
if (!status_percent_heal(&pl_sd->bl, 100, 100))
clif_displaymessage(fd, msg_txt(157)); // HP and SP are already with the good value.
else
@ -1806,6 +1807,13 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
return 0;
}
if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
status_damage(NULL, &pl_sd->bl, 2147483647, 2147483647, 0, 0);
clif_damage(&pl_sd->bl,&pl_sd->bl, gettick(), 0, 0, 2147483647, 0 , 4, 0);
clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
return 0;
}
if(hp > 0 && sp >= 0) {
if(!status_heal(&pl_sd->bl, hp, sp, 2))
clif_displaymessage(fd, msg_txt(157)); // HP and SP are already with the good value.