authorParadox924X <Paradox924X@54d463be-8e91-2dee-dedb-b68131a5f0ec>2008-10-24 21:18:15 +0000
committerParadox924X <Paradox924X@54d463be-8e91-2dee-dedb-b68131a5f0ec>2008-10-24 21:18:15 +0000
commit7c8415b104a7350f0ae76f73dcbd47c8f8f11224 (patch)
tree8fa77959af3903a19165cd7714ec5d64c5569e4e
parent7dac36b1e8a4d645f8d08b9a52e7e7fdc22d5d12 (diff)
Added protection from segfault by int overflow in atcommand heal. (bugreport:1886)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13321 54d463be-8e91-2dee-dedb-b68131a5f0ec
-rw-r--r--Changelog-Trunk.txt1
-rw-r--r--src/map/atcommand.c12
2 files changed, 11 insertions, 2 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index b4d822279..eeaf1317e 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2008/10/24
+ * Added protection from segfault by int overflow in atcommand heal. (bugreport:1886) [Paradox924X]
* Commented out unused function clif_marriage_process. [Paradox924X]
2008/10/21
* Added a check to make sure a player wasn't in a guild when they accepted a guild invitation. [Paradox924X]
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index f29c13b39..b19481e39 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -1504,14 +1504,22 @@ int atcommand_heal(const int fd, struct map_session_data* sd, const char* comman
sscanf(message, "%d %d", &hp, &sp);
- if (hp == 0 && sp == 0) {
+ if ( ( hp == 0 && sp == 0 )
+ || ( hp > 2147483647 || sp > 2147483647 ) ) { // Prevent overflow. [Paradox924X]
if (!status_percent_heal(&sd->bl, 100, 100))
clif_displaymessage(fd, msg_txt(157)); // HP and SP have already been recovered.
else
clif_displaymessage(fd, msg_txt(17)); // HP, SP recovered.
return 0;
}
-
+
+ if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
+ status_damage(NULL, &sd->bl, 2147483647, 2147483647, 0, 0);
+ clif_damage(&sd->bl,&sd->bl, gettick(), 0, 0, -hp, 0 , 4, 0);
+ clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
+ return 0;
+ }
+
if(hp > 0 && sp >= 0) {
if(!status_heal(&sd->bl, hp, sp, 0))
clif_displaymessage(fd, msg_txt(157)); // HP and SP are already with the good value.
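Review bot: The two added range checks cannot detect the overflow they are meant to prevent. Assuming `hp` and `sp` are `int` (their declarations are outside the hunk, but `sscanf` fills them with `%d`), `hp > 2147483647 || sp > 2147483647` is always false and `hp < -2147483647` is true only for `INT_MIN`. By the time they run, `sscanf` has already converted the out-of-range number, which the C standard leaves undefined, and in the one case the second check does catch on `hp`, the `-hp` passed to `clif_damage` is itself a signed overflow. The return value of `sscanf` is also still unchecked. I would parse with `strtol` and clamp before assigning to `hp`/`sp`, as sketched below (this needs `<stdlib.h>` and `<limits.h>`); the function body starts and ends outside the hunk.

```c
// … unchanged: code before the parse …
char *end = NULL;
long hp_in = strtol(message, &end, 10);
long sp_in = (end != message) ? strtol(end, NULL, 10) : 0; // like "%d %d": no second value without a first

// strtol saturates at LONG_MIN/LONG_MAX on out-of-range input instead of invoking undefined behaviour;
// clamp to [-INT_MAX, INT_MAX] so that the later -hp is always representable
if (hp_in > INT_MAX) hp_in = INT_MAX; else if (hp_in < -INT_MAX) hp_in = -INT_MAX;
if (sp_in > INT_MAX) sp_in = INT_MAX; else if (sp_in < -INT_MAX) sp_in = -INT_MAX;
hp = (int)hp_in;
sp = (int)sp_in;
// … unchanged: the hp/sp branches that follow …
```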