From d968b4ad3e8af9655f29f3aa1d473c211a62dcd7 Mon Sep 17 00:00:00 2001
From: gumi <git@gumi.ca>
Date: Thu, 8 Mar 2018 10:14:17 -0500
Subject: fix some out-of-memory reads in script builtins

---
 src/map/script-fun.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/map/script-fun.cpp b/src/map/script-fun.cpp
index 02aefbb..e1866bc 100644
--- a/src/map/script-fun.cpp
+++ b/src/map/script-fun.cpp
@@ -286,7 +286,7 @@ void builtin_callsub(ScriptState *st)
 static
 void builtin_return(ScriptState *st)
 {
-    if (!(st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>()))
+    if (st->defsp < 1 || !(st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>()))
     {
         dumb_ptr<npc_data> nd = map_id_is_npc(st->oid);
         if(nd)
@@ -323,7 +323,7 @@ void builtin_next(ScriptState *st)
 static
 void builtin_close(ScriptState *st)
 {
-    if (st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>())
+    if (st->defsp >= 1 && st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>())
     {
         dumb_ptr<npc_data> nd = map_id_is_npc(st->oid);
         if(nd)
@@ -2312,7 +2312,7 @@ void builtin_getgmlevel(ScriptState *st)
 static
 void builtin_end(ScriptState *st)
 {
-    if (st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>())
+    if (st->defsp >= 1 && st->stack->stack_datav[st->defsp - 1].is<ScriptDataRetInfo>())
     {
         dumb_ptr<npc_data> nd = map_id_is_npc(st->oid);
         if(nd)
-- 
cgit v1.2.3-60-g2f50