diff options
-rw-r--r-- | Changelog.txt | 3 | ||||
-rw-r--r-- | src/map/map.h | 1 | ||||
-rw-r--r-- | src/map/vending.c | 3 |
3 files changed, 5 insertions, 2 deletions
diff --git a/Changelog.txt b/Changelog.txt index 72e66395c..90034c6cd 100644 --- a/Changelog.txt +++ b/Changelog.txt @@ -1,5 +1,8 @@ Date Added 12/26 + * Fixed crash associated with vending more then 12 items + which walked on memory.. corrupting the pet data + structure (SVN: 801) [MouseJstr] * Fixed a crash that resulted when disconnecting (SVN 800) the new client when the old client is still connected [MouseJstr] * Fixed some gcc 2.95 compile errors [MouseJstr] diff --git a/src/map/map.h b/src/map/map.h index 2b976fe6c..9da2592c1 100644 --- a/src/map/map.h +++ b/src/map/map.h @@ -32,6 +32,7 @@ #define MAX_WALKPATH 32 #define MAX_DROP_PER_MAP 48 #define MAX_IGNORE_LIST 80 +#define MAX_VENDING 12 #define DEFAULT_AUTOSAVE_INTERVAL 60*1000 diff --git a/src/map/vending.c b/src/map/vending.c index 54af338c1..ec9076310 100644 --- a/src/map/vending.c +++ b/src/map/vending.c @@ -141,7 +141,7 @@ void vending_openvending(struct map_session_data *sd,int len,char *message,int f } if (flag) { - for(i = 0; 85 + 8 * i < len; i++) { + for(i = 0; (85 + 8 * i < len) && (i < MAX_VENDING); i++) { sd->vending[i].index = *(short*)(p+8*i)-2; sd->vending[i].amount = *(short*)(p+2+8*i); sd->vending[i].value = *(int*)(p+4+8*i); @@ -154,7 +154,6 @@ void vending_openvending(struct map_session_data *sd,int len,char *message,int f } sd->vender_id = sd->bl.id; sd->vend_num = i; - Assert (sd->vend_num < (sizeof (sd->vending) / sizeof(sd->vending[0]))); strcpy(sd->message,message); if (clif_openvending(sd,sd->vender_id,sd->vending) > 0) clif_showvendingboard(&sd->bl,message,0); |