-rw-r--r--Changelog.txt3
-rw-r--r--src/map/map.h1
-rw-r--r--src/map/vending.c3
3 files changed, 5 insertions, 2 deletions
diff --git a/Changelog.txt b/Changelog.txt
index 72e66395c..90034c6cd 100644
--- a/Changelog.txt
+++ b/Changelog.txt
@@ -1,5 +1,8 @@
Date Added
12/26
+ * Fixed crash associated with vending more then 12 items
+ which walked on memory.. corrupting the pet data
+ structure (SVN: 801) [MouseJstr]
* Fixed a crash that resulted when disconnecting (SVN 800)
the new client when the old client is still connected [MouseJstr]
* Fixed some gcc 2.95 compile errors [MouseJstr]
diff --git a/src/map/map.h b/src/map/map.h
index 2b976fe6c..9da2592c1 100644
--- a/src/map/map.h
+++ b/src/map/map.h
@@ -32,6 +32,7 @@
#define MAX_WALKPATH 32
#define MAX_DROP_PER_MAP 48
#define MAX_IGNORE_LIST 80
+#define MAX_VENDING 12
#define DEFAULT_AUTOSAVE_INTERVAL 60*1000
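Review bot: Nothing in this hunk ties `MAX_VENDING` to the dimension of `sd->vending`, which the new loop bound in vending.c depends on for safety. The declaration of that array is not part of this diff, so if it still uses a literal size, the constant and the storage can drift apart. Declaring the array with `[MAX_VENDING]` would keep them in step, and a comment such as `/* max items in one vending shop; also the size of sd->vending */` on the define would record the dependency.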
diff --git a/src/map/vending.c b/src/map/vending.c
index 54af338c1..ec9076310 100644
--- a/src/map/vending.c
+++ b/src/map/vending.c
@@ -141,7 +141,7 @@ void vending_openvending(struct map_session_data *sd,int len,char *message,int f
}
if (flag) {
- for(i = 0; 85 + 8 * i < len; i++) {
+ for(i = 0; (85 + 8 * i < len) && (i < MAX_VENDING); i++) {
sd->vending[i].index = *(short*)(p+8*i)-2;
sd->vending[i].amount = *(short*)(p+2+8*i);
sd->vending[i].value = *(int*)(p+4+8*i);
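Review bot: The new condition `(85 + 8 * i < len)` only proves that the first byte of record i is inside the packet, but the body reads all 8 bytes of that record. If `p` points at packet offset 85 (not visible in the hunk), a client-supplied `len` that is not 85 plus a multiple of 8 lets the last iteration read past the declared length. Requiring the whole record to fit closes this: `for(i = 0; (85 + 8 * (i + 1) <= len) && (i < MAX_VENDING); i++) {`. The cap also silently truncates a request carrying more than MAX_VENDING entries; rejecting and logging such a packet would make malformed clients visible. The function starts and ends outside the hunk, so checks on the stored `index` and `amount` may exist further down.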
@@ -154,7 +154,6 @@ void vending_openvending(struct map_session_data *sd,int len,char *message,int f
}
sd->vender_id = sd->bl.id;
sd->vend_num = i;
- Assert (sd->vend_num < (sizeof (sd->vending) / sizeof(sd->vending[0])));
strcpy(sd->message,message);
if (clif_openvending(sd,sd->vender_id,sd->vending) > 0)
clif_showvendingboard(&sd->bl,message,0);
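Review bot: `strcpy(sd->message,message);` still copies the shop title into the session structure with no length bound, the same class of overwrite this commit fixes for `sd->vending`. Neither the size of `sd->message` nor whether the caller guarantees a terminated `message` is visible here, so both need checking against the caller. If `sd->message` is a fixed array, a bounded copy such as `snprintf(sd->message, sizeof(sd->message), "%s", message);` would do. With the Assert gone, a comment at `sd->vend_num = i;` such as `/* i <= MAX_VENDING, enforced by the loop bound above */` would keep the invariant on record. The function continues outside the hunk.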