From c653a703757acc13edbff5a2624c16df74cca4f1 Mon Sep 17 00:00:00 2001 From: shennetsind Date: Tue, 16 Apr 2013 03:46:44 -0300 Subject: Fixed Bug #419 added coodinate checks on a number of locations (parse duplicate/warp/shop/etc). http://hercules.ws/board/tracker/issue-419-loading-of-badly-placed-npcs/ Signed-off-by: shennetsind --- src/map/atcommand.c | 2 +- src/map/npc.c | 22 +++++++++++++++++----- src/map/trade.c | 3 +-- 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/src/map/atcommand.c b/src/map/atcommand.c index 320613be1..0fc803198 100644 --- a/src/map/atcommand.c +++ b/src/map/atcommand.c @@ -9007,7 +9007,7 @@ ACMD_FUNC(channel) { } if( hChSys.ally && sd->status.guild_id ) { struct guild *g = sd->guild; - if( !g ) return -1; + if( !g ) { dbi_destroy(iter); return -1; } sprintf(atcmd_output, msg_txt(1409), hChSys.ally_name, db_size(((struct hChSysCh *)g->channel)->users));// - #%s ( %d users ) clif->message(fd, atcmd_output); } diff --git a/src/map/npc.c b/src/map/npc.c index a3340de78..0e4c84455 100644 --- a/src/map/npc.c +++ b/src/map/npc.c @@ -2151,6 +2151,11 @@ static const char* npc_parse_warp(char* w1, char* w2, char* w3, char* w4, const return strchr(start,'\n');// skip and continue } + if( m != -1 && ( x < 0 || x >= map[m].xs || y < 0 || y >= map[m].ys ) ) { + ShowError("npc_parse_warp: out-of-bounds coordinates (\"%s\",%d,%d), map is %dx%d, in file '%s', line '%d'\n", map[m].name, x, y, map[m].xs, map[m].ys,filepath,strline(buffer,start-buffer)); + return strchr(start,'\n');;//try next + } + CREATE(nd, struct npc_data, 1); nd->bl.id = npc_get_new_npc_id(); @@ -2198,13 +2203,10 @@ static const char* npc_parse_shop(char* w1, char* w2, char* w3, char* w4, const struct npc_data *nd; enum npc_subtype type; - if( strcmp(w1,"-") == 0 ) - {// 'floating' shop? + if( strcmp(w1,"-") == 0 ) {// 'floating' shop? x = y = dir = 0; m = -1; - } - else - {// w1=,,, + } else {// w1=,,, char mapname[32]; if( sscanf(w1, "%31[^,],%d,%d,%d", mapname, &x, &y, &dir) != 4 || strchr(w4, ',') == NULL ) @@ -2216,6 +2218,11 @@ static const char* npc_parse_shop(char* w1, char* w2, char* w3, char* w4, const m = map_mapname2mapid(mapname); } + if( m != -1 && ( x < 0 || x >= map[m].xs || y < 0 || y >= map[m].ys ) ) { + ShowError("npc_parse_shop: out-of-bounds coordinates (\"%s\",%d,%d), map is %dx%d, in file '%s', line '%d'\n", map[m].name, x, y, map[m].xs, map[m].ys,filepath,strline(buffer,start-buffer)); + return strchr(start,'\n');;//try next + } + if( !strcasecmp(w2,"cashshop") ) type = CASHSHOP; else @@ -2601,6 +2608,11 @@ const char* npc_parse_duplicate(char* w1, char* w2, char* w3, char* w4, const ch m = map_mapname2mapid(mapname); } + if( m != -1 && ( x < 0 || x >= map[m].xs || y < 0 || y >= map[m].ys ) ) { + ShowError("npc_parse_duplicate: out-of-bounds coordinates (\"%s\",%d,%d), map is %dx%d, in file '%s', line '%d'\n", map[m].name, x, y, map[m].xs, map[m].ys,filepath,strline(buffer,start-buffer)); + return end;//try next + } + if( type == WARP && sscanf(w4, "%d,%d", &xs, &ys) == 2 );// , else if( type == SCRIPT && sscanf(w4, "%d,%d,%d", &class_, &xs, &ys) == 3);// ,, else if( type != WARP ) class_ = atoi(w4);// diff --git a/src/map/trade.c b/src/map/trade.c index 0b9609322..728ecbbb1 100644 --- a/src/map/trade.c +++ b/src/map/trade.c @@ -178,8 +178,7 @@ int impossible_trade_check(struct map_session_data *sd) nullpo_retr(1, sd); - if(sd->deal.zeny > sd->status.zeny) - { + if(sd->deal.zeny > sd->status.zeny) { pc_setglobalreg(sd,"ZENY_HACKER",1); return -1; } -- cgit v1.2.3-70-g09d2