From 7a2781853d87ea0b613efc709b6f84645541990b Mon Sep 17 00:00:00 2001
From: Dennis Friis <peavey@inspircd.org>
Date: Tue, 23 Jun 2009 01:58:09 +0200
Subject: Crashbug fix for saving to big storages, derived from ea stable.
---
src/char/int_storage.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
(limited to 'src')
diff --git a/src/char/int_storage.c b/src/char/int_storage.c
index e8cbd26..112c84b 100644
--- a/src/char/int_storage.c
+++ b/src/char/int_storage.c
@@ -59,7 +59,7 @@ int storage_fromstr(char *str,struct storage *p)
if(str[next]=='\n' || str[next]=='\r')
return 0;
next++;
- for(i=0;str[next] && str[next]!='\t';i++){
+ for(i=0;str[next] && str[next]!='\t' && i < MAX_STORAGE;i++){
if(sscanf(str + next, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d%n",
&tmp_int[0], &tmp_int[1], &tmp_int[2], &tmp_int[3],
&tmp_int[4], &tmp_int[5], &tmp_int[6],
@@ -102,6 +102,8 @@ int storage_fromstr(char *str,struct storage *p)
else return 1;
}
+ if (i >= MAX_STORAGE)
+ printf("storage_fromstr: Found a storage line with more items than MAX_STORAGE (%d), remaining items have been discarded!\n", MAX_STORAGE);
return 0;
}
@@ -141,8 +143,8 @@ int guild_storage_fromstr(char *str,struct guild_storage *p)
if(str[next]=='\n' || str[next]=='\r')
return 0;
next++;
- for(i=0;str[next] && str[next]!='\t';i++){
- if(sscanf(str + next, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d%n",
+ for(i=0;str[next] && str[next]!='\t' && i < MAX_GUILD_STORAGE;i++){
+ if(sscanf(str + next, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d%n",
&tmp_int[0], &tmp_int[1], &tmp_int[2], &tmp_int[3],
&tmp_int[4], &tmp_int[5], &tmp_int[6],
&tmp_int[7], &tmp_int[8], &tmp_int[9], &tmp_int[10], &tmp_int[10], &len) == 12) {
@@ -184,6 +186,8 @@ int guild_storage_fromstr(char *str,struct guild_storage *p)
else return 1;
}
+ if (i >= MAX_GUILD_STORAGE)
+ printf("guild_storage_fromstr: Found a storage line with more items than MAX_GUILD_STORAGE (%d), remaining items have been discarded!\n", MAX_GUILD_STORAGE);
return 0;
}
--
cgit v1.2.3-70-g09d2