- Fixed negative value exploit (view changelog)

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@7647 54d463be-8e91-2dee-dedb-b68131a5f0ec

2 files changed, 9 insertions, 2 deletions

diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index b37c7c254..2bde2cfd9 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,11 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK.  ALL UNTESTED BUGFIXES/FEATURES GO
 IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.

 

 2006/07/12

+	* Fixed exploit in pc_bonus there are no checks that check that the value being

+	  added onto a status don't make it go below zero, which means if you have a mineral

+	  card and reset stats it reduces your base attack to lower than zero, making it

+	  go up to 64000. Fixed by adding a check for SP_BASE_ATK, although i recommend

+	  doing it for other status bonuses also [Zido]

 	* Recoded NJ_BAKUENRYU to behave as I understand it best from the

 	  skill-description (since Haplo told me this skill doesn't really has video

 	  information or anything...) [Skotlex]

diff --git a/src/map/pc.c b/src/map/pc.c
index d8b8f9bfa..53c953a2c 100644
--- a/src/map/pc.c
+++ b/src/map/pc.c
@@ -1278,8 +1278,10 @@ int pc_bonus(struct map_session_data *sd,int type,int val)
 			status->lhw->atk2+=val;
 		break;
 	case SP_BASE_ATK:
-		if(sd->state.lr_flag != 2)
-			status->batk+=val;
+		if(sd->state.lr_flag != 2) {
+			if(!(val<0 && ((val-val-val)>status->batk)))
+				status->batk+=val;
+		}
 		break;
 	case SP_MATK1:
 		if(sd->state.lr_flag != 2)