summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--Changelog-Trunk.txt1
-rw-r--r--src/map/atcommand.c2
-rw-r--r--src/map/charcommand.c10
3 files changed, 11 insertions, 2 deletions
diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt
index eeaf1317e..5574dab0b 100644
--- a/Changelog-Trunk.txt
+++ b/Changelog-Trunk.txt
@@ -4,6 +4,7 @@ AS OF SVN REV. 5091, WE ARE NOW USING TRUNK. ALL UNTESTED BUGFIXES/FEATURES GO
IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK.
2008/10/24
+ * Added protection from segfault by int overflow in charcommand heal and fixed a typo in atcommand heal. (Follow-up to r13321) [Paradox924X]
* Added protection from segfault by int overflow in atcommand heal. (bugreport:1886) [Paradox924X]
* Commented out unused function clif_marriage_process. [Paradox924X]
2008/10/21
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index b19481e39..260288690 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -1515,7 +1515,7 @@ int atcommand_heal(const int fd, struct map_session_data* sd, const char* comman
if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
status_damage(NULL, &sd->bl, 2147483647, 2147483647, 0, 0);
- clif_damage(&sd->bl,&sd->bl, gettick(), 0, 0, -hp, 0 , 4, 0);
+ clif_damage(&sd->bl,&sd->bl, gettick(), 0, 0, 2147483647, 0 , 4, 0);
clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
return 0;
}
diff --git a/src/map/charcommand.c b/src/map/charcommand.c
index b38f1611f..f3590e08d 100644
--- a/src/map/charcommand.c
+++ b/src/map/charcommand.c
@@ -1794,7 +1794,8 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
return -1;
}
- if (hp == 0 && sp == 0) {
+ if ( ( hp == 0 && sp == 0 )
+ || ( hp > 2147483647 || sp > 2147483647 ) ) { // Prevent overflow. [Paradox924X]
if (!status_percent_heal(&pl_sd->bl, 100, 100))
clif_displaymessage(fd, msg_txt(157)); // HP and SP are already with the good value.
else
@@ -1805,6 +1806,13 @@ int charcommand_heal(const int fd, struct map_session_data* sd, const char* comm
}
return 0;
}
+
+ if ( hp < -2147483647 || sp < -2147483647 ) { // Prevent overflow. [Paradox924X]
+ status_damage(NULL, &pl_sd->bl, 2147483647, 2147483647, 0, 0);
+ clif_damage(&pl_sd->bl,&pl_sd->bl, gettick(), 0, 0, 2147483647, 0 , 4, 0);
+ clif_displaymessage(fd, msg_txt(156)); // HP or/and SP modified.
+ return 0;
+ }
if(hp > 0 && sp >= 0) {
if(!status_heal(&pl_sd->bl, hp, sp, 2))
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-30 11:07:13 +0000