From f24c41af107b18bae5fccf7fd1cc483454ec6b71 Mon Sep 17 00:00:00 2001 From: blackhole89 Date: Thu, 9 Mar 2006 20:51:19 +0000 Subject: MAX_WEAPON_TYPE was used with less-than during loading, thus causing the weapon class MAX_WEAPON_TYPE not being read in. Additionally, aspd_base was too small (MAX_WEAPON_TYPE rather than MAX_WEAPON_TYPE+1), thus causing out-of-bounds memory access each time it was used. I wonder why nobody noticed that yet. git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@5540 54d463be-8e91-2dee-dedb-b68131a5f0ec --- Changelog-Trunk.txt | 3 +++ src/map/status.c | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Changelog-Trunk.txt b/Changelog-Trunk.txt index 5914be5c1..03e5291bc 100644 --- a/Changelog-Trunk.txt +++ b/Changelog-Trunk.txt @@ -5,6 +5,9 @@ IF YOU HAVE A WORKING AND TESTED BUGFIX PUT IT INTO STABLE AS WELL AS TRUNK. EV GOES INTO TRUNK AND WILL BE MERGED INTO STABLE BY VALARIS AND WIZPUTER. -- VALARIS 2006/03/09 + * Fixed a major memory leak in status.c causing the last column of job_db1.txt + never being read. I have no idea how long this has been there, but signs point + to us using Katars at a random ASPD from somewhere in memory for ages. [blackhole89] * Fixed a critical bug in job_db1.txt reading in status_readdb. [blackhole89] * Fixed pc_damage_sp not properly substracting SP. [Skotlex] * Made Magic Crasher a BF_WEAPON attack. [Skotlex] diff --git a/src/map/status.c b/src/map/status.c index c6152530a..8b5645ccb 100644 --- a/src/map/status.c +++ b/src/map/status.c 
@@ -35,7 +35,7 @@ static int hp_coefficient[MAX_PC_CLASS]; static int hp_coefficient2[MAX_PC_CLASS]; static int hp_sigma_val[MAX_PC_CLASS][MAX_LEVEL]; static int sp_coefficient[MAX_PC_CLASS]; -static int aspd_base[MAX_PC_CLASS][MAX_WEAPON_TYPE]; +static int aspd_base[MAX_PC_CLASS][MAX_WEAPON_TYPE+1]; //[blackhole89] #define MAX_REFINE_BONUS 5 static int refinebonus[MAX_REFINE_BONUS][3]; // 精錬ボーナステーブル(refine_db.txt) int percentrefinery[5][MAX_REFINE+1]; // 精錬成功率(refine_db.txt) @@ -5737,15 +5737,15 @@ int status_readdb(void) { return 1; } while(fgets(line, sizeof(line)-1, fp)){ - char *split[MAX_WEAPON_TYPE + 5]; + char *split[MAX_WEAPON_TYPE + 6]; if(line[0]=='/' && line[1]=='/') continue; - for(j=0,p=line;j<(MAX_WEAPON_TYPE + 5) && p;j++){ //not 22 anymore [blackhole89] + for(j=0,p=line;j<=(MAX_WEAPON_TYPE + 5) && p;j++){ //not 22 anymore [blackhole89] split[j]=p; p=strchr(p,','); if(p) *p++=0; } - if(j<(MAX_WEAPON_TYPE + 5)) + if(j<=(MAX_WEAPON_TYPE + 5)) //Weapon #.MAX_WEAPON_TYPE is constantly not load. Fix to that: replace < with <= [blackhole89] continue; if(atoi(split[0])>=MAX_PC_CLASS) continue; @@ -5753,7 +5753,7 @@ int status_readdb(void) { hp_coefficient[atoi(split[0])]=atoi(split[2]); hp_coefficient2[atoi(split[0])]=atoi(split[3]); sp_coefficient[atoi(split[0])]=atoi(split[4]); - for(j=0;j
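Review bot: The widened declaration `static int aspd_base[MAX_PC_CLASS][MAX_WEAPON_TYPE+1];` in the first status.c hunk carries only an author tag, so nothing on the line records why the second dimension is one larger than MAX_WEAPON_TYPE. Going by the commit message, weapon class MAX_WEAPON_TYPE is itself a valid index, and a later cleanup could easily "fix" the +1 back and reintroduce the out-of-bounds access. I would replace the tag with a comment that states the invariant, for example `// indexed by weapon type 0..MAX_WEAPON_TYPE inclusive, hence +1`. Any other table sized by MAX_WEAPON_TYPE and indexed the same way would presumably need the same check, but none is visible in this hunk.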
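Review bot: The class id guard `if(atoi(split[0])>=MAX_PC_CLASS) continue;` in the status_readdb hunk bounds the index only from above, so a negative first field in the data file would still index before the start of hp_coefficient, sp_coefficient and aspd_base in the stores that follow. Since this commit is already fixing out-of-bounds access in this loader, I would parse the field once and check both ends: `int idx = atoi(split[0]);` then `if(idx < 0 || idx >= MAX_PC_CLASS) continue;`. Separately, the field count now appears as `MAX_WEAPON_TYPE + 6` in the array size and as `<= (MAX_WEAPON_TYPE + 5)` in two comparisons; a single named constant used with `<` would keep the three in step, and the stale "not 22 anymore" comment could go. The body of status_readdb starts and ends outside this hunk.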