authorAndrei Karas <akaras@inbox.ru>2014-12-25 17:41:42 +0300
committerAndrei Karas <akaras@inbox.ru>2014-12-31 23:06:27 +0300
commita71a056abb8931aa4a11d0cde296fe9de68ee6df (patch)
tree0ebda387e185404e2670a0c6f81b38b2cd1dbc95
parentdb5fd3795cba3d30bb3d031719a272eec23cd586 (diff)
Fix possible memory overflows and underflows.
-rw-r--r--src/map/clif.c4
-rw-r--r--src/map/mob.c2
-rw-r--r--src/map/pc.c2
3 files changed, 5 insertions, 3 deletions
diff --git a/src/map/clif.c b/src/map/clif.c
index d7b10f2f4..a1eb6662f 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
@@ -14495,8 +14495,8 @@ void clif_ranking_pk(struct map_session_data* sd) {
WFIFOHEAD(fd,packet_len(0x238));
WFIFOW(fd,0) = 0x238;
- for(i=0;i<10;i++){
- memcpy(WFIFOP(fd,i*24+2), "Unknown", NAME_LENGTH);
+ for (i = 0; i < 10;i ++) {
+ strncpy((char*)WFIFOP(fd, i * 24 + 2), "Unknown", NAME_LENGTH);
WFIFOL(fd,i*4+242) = 0;
}
WFIFOSET(fd, packet_len(0x238));
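Review bot: In the loop of clif_ranking_pk the destination stride is the literal 24 while the copy length is NAME_LENGTH, so each write stays inside its name slot only while NAME_LENGTH is at most 24. With a larger value the zero padding that strncpy writes would run into the next entry and, on the last iteration, into the values written at offset 242. Tie the two together with a compile-time check that NAME_LENGTH matches the slot width, or a named constant for the slot width. A short comment on the call would also help, for example `// strncpy on purpose: zero-pads the whole name field; memcpy read past the 8-byte literal`.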
diff --git a/src/map/mob.c b/src/map/mob.c
index 4db8cb2f6..96ee83d3b 100644
--- a/src/map/mob.c
+++ b/src/map/mob.c
@@ -4324,7 +4324,7 @@ bool mob_parse_row_mobskilldb(char** str, int columns, int current)
if( strcmp(str[1],"clear")==0 ){
if (mob_id < 0)
return false;
- memset(mob->db_data[mob_id]->skill,0,sizeof(struct mob_skill));
+ memset(mob->db_data[mob_id]->skill,0,sizeof(struct mob_skill) * MAX_MOBSKILL);
mob->db_data[mob_id]->maxskill=0;
return true;
}
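Review bot: The new memset length repeats the element count by hand, so it can drift from the declaration of `skill`. If `skill` is an array member of the mob db entry (its declaration is not in this hunk), `memset(mob->db_data[mob_id]->skill, 0, sizeof(mob->db_data[mob_id]->skill));` keeps the size tied to the type. The visible guard only rejects `mob_id < 0`; the function starts outside the hunk, so confirm that an upper bound and a non-NULL `db_data[mob_id]` are established earlier before this write.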
diff --git a/src/map/pc.c b/src/map/pc.c
index e39ddbff2..356b57e5b 100644
--- a/src/map/pc.c
+++ b/src/map/pc.c
@@ -1422,6 +1422,7 @@ int pc_calc_skilltree(struct map_session_data *sd)
{ //Enable Bard/Dancer spirit linked skills.
if( sd->status.sex )
{ //Link dancer skills to bard.
+ // i can be < 8?
if( sd->status.skill[i-8].lv < 10 )
continue;
sd->status.skill[i].id = skill->db[i].nameid;
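Review bot: The added `// i can be < 8?` comments record a suspected out-of-bounds index in `sd->status.skill[i-8]` but leave the access unguarded. If i is below 8, the read in this hunk and the three writes in the following hunk (the "Link bard skills to dancer" branch) land before the start of the array. The loop that sets i is outside both hunks, so its range cannot be confirmed from here. Either replace the question comments with a statement of the condition that guarantees `i >= 8`, or add a guard such as `if (i < 8) continue;` before the first use of `i-8` in each branch.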
@@ -1430,6 +1431,7 @@ int pc_calc_skilltree(struct map_session_data *sd)
} else { //Link bard skills to dancer.
if( sd->status.skill[i].lv < 10 )
continue;
+ // i can be < 8?
sd->status.skill[i-8].id = skill->db[i-8].nameid;
sd->status.skill[i-8].lv = sd->status.skill[i].lv; // Set the level to the same as the linking skill
sd->status.skill[i-8].flag = SKILL_FLAG_TEMPORARY; // Tag it as a non-savable, non-uppable, bonus skill