From 7f772c32d3be201861946bb64720c231828465ac Mon Sep 17 00:00:00 2001 From: Jittapan Pluemsumran Date: Thu, 2 May 2019 21:01:18 +0700 Subject: [PATCH] Fixed potential race-condition possibility in cart item transaction (#4139) Co-authored-by: Cydh Ramdh Co-Authored-By: Aleos --- src/map/pc.cpp | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/src/map/pc.cpp b/src/map/pc.cpp index 7c8e40e5b9..e340427609 100755 --- a/src/map/pc.cpp +++ b/src/map/pc.cpp @@ -5447,7 +5447,7 @@ void pc_putitemtocart(struct map_session_data *sd,int idx,int amount) item_data = &sd->inventory.u.items_inventory[idx]; - if( item_data->nameid == 0 || amount < 1 || item_data->amount < amount || sd->state.vending ) + if( item_data->nameid == 0 || amount < 1 || item_data->amount < amount || sd->state.vending || sd->state.prevend ) return; if( item_data->equipSwitch ){ @@ -5487,21 +5487,25 @@ int pc_cartitem_amount(struct map_session_data* sd, int idx, int amount) *------------------------------------------*/ void pc_getitemfromcart(struct map_session_data *sd,int idx,int amount) { - struct item *item_data; - unsigned char flag = 0; - nullpo_retv(sd); if (idx < 0 || idx >= MAX_CART) //Invalid index check [Skotlex] return; - item_data=&sd->cart.u.items_cart[idx]; + item* item_data=&sd->cart.u.items_cart[idx]; - if(item_data->nameid == 0 || amount < 1 || item_data->amount < amount || sd->state.vending ) + if (item_data->nameid == 0 || amount < 1 || item_data->amount < amount || sd->state.vending || sd->state.prevend) return; - if((flag = pc_additem(sd,item_data,amount,LOG_TYPE_NONE)) == 0) - pc_cart_delitem(sd,idx,amount,0,LOG_TYPE_NONE); - else { + + if (pc_checkadditem(sd, item_data->nameid, amount) == CHKADDITEM_OVERAMOUNT) { + return; + } + + item item_copy = *item_data; + + pc_cart_delitem(sd, idx, amount, 0, LOG_TYPE_NONE); + char flag = pc_additem(sd, &item_copy, amount, LOG_TYPE_NONE); + if(flag != ADDITEM_SUCCESS) { clif_dropitem(sd,idx,0); clif_additem(sd,0,0,flag); }