summaryrefslogtreecommitdiff
path: root/src/map/charcommand.c
diff options
context:
space:
mode:
authorParadox924X <Paradox924X@54d463be-8e91-2dee-dedb-b68131a5f0ec>2008-10-24 21:32:59 +0000
committerParadox924X <Paradox924X@54d463be-8e91-2dee-dedb-b68131a5f0ec>2008-10-24 21:32:59 +0000
commitd0444d585daf3f0203adb5779371e2e2cef57adf (patch)
tree0bf2363d68dcec5a3039239dbc2937b42cc1ad2a /src/map/charcommand.c
parent7c8415b104a7350f0ae76f73dcbd47c8f8f11224 (diff)
downloadhercules-d0444d585daf3f0203adb5779371e2e2cef57adf.tar.gz
hercules-d0444d585daf3f0203adb5779371e2e2cef57adf.tar.bz2
hercules-d0444d585daf3f0203adb5779371e2e2cef57adf.tar.xz
hercules-d0444d585daf3f0203adb5779371e2e2cef57adf.zip
Added protection from segfault by int overflow in charcommand heal and fixed a typo in atcommand heal. (Follow-up to r13321)
git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@13322 54d463be-8e91-2dee-dedb-b68131a5f0ec
Diffstat (limited to 'src/map/charcommand.c')
-rw-r--r--src/map/charcommand.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/map/charcommand.c b/src/map/charcommand.c
index b38f1611f..f3590e08d 100644
--- a/src/map/charcommand.c
+++ b/src/map/charcommand.c
@@ -1794,7 +1794,8 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
return -1;
}
- if (hp == 0 && sp == 0) {
+ if ( ( hp == 0 && sp == 0 )
+ || ( hp > 2147483647 || sp > 2147483647 ) ) { // Prevent overflow. [Paradox924X]
if (!status_percent_heal(&pl_sd->bl, 100, 100))
clif_displaymessage(fd, msg_txt(157)); // HP and SP are already with the good value.
else
@@ -1805,6 +1806,13 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
}
return 0;
}
+
+ if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
+ status_damage(NULL, &pl_sd->bl, 2147483647, 2147483647, 0, 0);
+ clif_damage(&pl_sd->bl,&pl_sd->bl, gettick(), 0, 0, 2147483647, 0 , 4, 0);
+ clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
+ return 0;
+ }
if(hp > 0 && sp >= 0) {
if(!status_heal(&pl_sd->bl, hp, sp, 2))