summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrei Karas <akaras@inbox.ru>2016-09-18 01:38:37 +0300
committerAndrei Karas <akaras@inbox.ru>2016-09-19 04:07:40 +0300
commit13b0df653961554f1e64680c763ea34ae84fa8f9 (patch)
treeebb7c4d095beb5b62046370b5ccb31e96d135087
parentc3e37a3d8a1e40194528354c6aeff96294563a67 (diff)
downloadhercules-13b0df653961554f1e64680c763ea34ae84fa8f9.tar.gz
hercules-13b0df653961554f1e64680c763ea34ae84fa8f9.tar.bz2
hercules-13b0df653961554f1e64680c763ea34ae84fa8f9.tar.xz
hercules-13b0df653961554f1e64680c763ea34ae84fa8f9.zip
Add missing checks into trade.c
-rw-r--r--src/map/trade.c24
1 files changed, 19 insertions, 5 deletions
diff --git a/src/map/trade.c b/src/map/trade.c
index d6bdd14e5..6ada188c9 100644
--- a/src/map/trade.c
+++ b/src/map/trade.c
@@ -118,7 +118,8 @@ void trade_traderequest(struct map_session_data *sd, struct map_session_data *ta
* Weird enough, the client should only send 3/4
* and the server is the one that can reply 0~2
*------------------------------------------*/
-void trade_tradeack(struct map_session_data *sd, int type) {
+void trade_tradeack(struct map_session_data *sd, int type)
+{
struct map_session_data *tsd;
nullpo_retv(sd);
@@ -217,6 +218,8 @@ int impossible_trade_check(struct map_session_data *sd)
if (!sd->deal.item[i].amount)
continue;
index = sd->deal.item[i].index;
+ if (index < 0 || index >= MAX_INVENTORY)
+ return 1;
if (inventory[index].amount < sd->deal.item[i].amount) {
// if more than the player have -> hack
snprintf(message_to_gm, sizeof(message_to_gm), msg_txt(538), sd->status.name, sd->status.account_id); // Hack on trade: character '%s' (account: %d) try to trade more items that he has.
@@ -257,6 +260,8 @@ int trade_check(struct map_session_data *sd, struct map_session_data *tsd)
struct item_data *data;
int trade_i, i, n;
+ nullpo_ret(sd);
+ nullpo_ret(tsd);
// check zenys value against hackers (Zeny was already checked on time of adding, but you never know when you lost some zeny since then.
if(sd->deal.zeny > sd->status.zeny || (tsd->status.zeny > MAX_ZENY - sd->deal.zeny))
return 0;
@@ -303,6 +308,8 @@ int trade_check(struct map_session_data *sd, struct map_session_data *tsd)
if (!amount)
continue;
n = tsd->deal.item[trade_i].index;
+ if (n < 0 || n >= MAX_INVENTORY)
+ return 0;
if (amount > inventory2[n].amount)
return 0;
// search if it's possible to add item (for full inventory)
@@ -336,7 +343,8 @@ int trade_check(struct map_session_data *sd, struct map_session_data *tsd)
/*==========================================
* Adds an item/qty to the trade window
*------------------------------------------*/
-void trade_tradeadditem(struct map_session_data *sd, short index, short amount) {
+void trade_tradeadditem(struct map_session_data *sd, short index, short amount)
+{
struct map_session_data *target_sd;
struct item *item;
int trade_i, trade_weight;
@@ -456,9 +464,11 @@ void trade_tradeaddzeny(struct map_session_data* sd, int amount)
/*==========================================
* 'Ok' button on the trade window is pressed.
*------------------------------------------*/
-void trade_tradeok(struct map_session_data *sd) {
+void trade_tradeok(struct map_session_data *sd)
+{
struct map_session_data *target_sd;
+ nullpo_retv(sd);
if(sd->state.deal_locked || !sd->state.trading)
return;
@@ -475,10 +485,12 @@ void trade_tradeok(struct map_session_data *sd) {
/*==========================================
* 'Cancel' is pressed. (or trade was force-canceled by the code)
*------------------------------------------*/
-void trade_tradecancel(struct map_session_data *sd) {
+void trade_tradecancel(struct map_session_data *sd)
+{
struct map_session_data *target_sd;
int trade_i;
+ nullpo_retv(sd);
target_sd = map->id2sd(sd->trade_partner);
if(!sd->state.trading)
@@ -533,11 +545,13 @@ void trade_tradecancel(struct map_session_data *sd) {
/*==========================================
* lock sd and tsd trade data, execute the trade, clear, then save players
*------------------------------------------*/
-void trade_tradecommit(struct map_session_data *sd) {
+void trade_tradecommit(struct map_session_data *sd)
+{
struct map_session_data *tsd;
int trade_i;
int flag;
+ nullpo_retv(sd);
if (!sd->state.trading || !sd->state.deal_locked) //Locked should be 1 (pressed ok) before you can press trade.
return;