Fixed heap-buffer-overflow on npcshopdelitem

npcshopdelitem now moves data within structure size.
author: Dastgir <dastgirp@gmail.com> 2019-10-01 19:51:35 +0530
committer: Dastgir <dastgirp@gmail.com> 2019-10-02 11:56:43 +0530
commit: d3bf0f5d82f83ddd352047318e292194d98454ab (patch)
tree: 193767b24b0165b68dd7c0d6f5676d6eea7803f1 /src/map/script.c
parent: 852c13305f67948531bd0277eb1922dbd02b1f26 (diff)
download: hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.gz
hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.bz2
hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.xz
hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/map/script.c b/src/map/script.c
index b787d0138..c66ebf481 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -18030,10 +18030,12 @@ static BUILDIN(npcshopdelitem)
 		unsigned int nameid = script_getnum(st,i);
 
 		ARR_FIND(0, size, n, nd->u.shop.shop_item[n].nameid == nameid);
-		if (n < size) {
-			memmove(&nd->u.shop.shop_item[n], &nd->u.shop.shop_item[n+1], sizeof(nd->u.shop.shop_item[0])*(size-n));
-			size--;
+		if (n == size) {
+			continue;
+		} else if (n < size - 1) {
+			memmove(&nd->u.shop.shop_item[n], &nd->u.shop.shop_item[n+1], sizeof(nd->u.shop.shop_item[0]) * (size - n - 1));
 		}
+		size--;
 	}
 
 	RECREATE(nd->u.shop.shop_item, struct npc_item_list, size);
author	Dastgir <dastgirp@gmail.com>	2019-10-01 19:51:35 +0530
committer	Dastgir <dastgirp@gmail.com>	2019-10-02 11:56:43 +0530
commit	d3bf0f5d82f83ddd352047318e292194d98454ab (patch)
tree	193767b24b0165b68dd7c0d6f5676d6eea7803f1 /src/map/script.c
parent	852c13305f67948531bd0277eb1922dbd02b1f26 (diff)
download	hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.gz hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.bz2 hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.tar.xz hercules-d3bf0f5d82f83ddd352047318e292194d98454ab.zip