From 8fc98e3906f38b25c71b60b26bb31d0027ee02a0 Mon Sep 17 00:00:00 2001
From: Andrei Karas <akaras@inbox.ru>
Date: Thu, 10 Sep 2015 17:03:23 +0300
Subject: Add extra checks into mail system.

---
 src/map/mail.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/map/mail.c')

diff --git a/src/map/mail.c b/src/map/mail.c
index 0bdad2877..8acfbdcb9 100644
--- a/src/map/mail.c
+++ b/src/map/mail.c
@@ -83,7 +83,7 @@ unsigned char mail_setitem(struct map_session_data *sd, int idx, int amount) {
 
 		if( idx < 0 || idx >= MAX_INVENTORY )
 			return 1;
-		if( amount < 0 || amount > sd->status.inventory[idx].amount )
+		if( amount <= 0 || amount > sd->status.inventory[idx].amount )
 			return 1;
 		if( !pc_can_give_items(sd) || sd->status.inventory[idx].expire_time ||
 			!itemdb_canmail(&sd->status.inventory[idx],pc_get_group_level(sd)) ||
@@ -122,6 +122,8 @@ bool mail_setattachment(struct map_session_data *sd, struct mail_message *msg)
 
 		memcpy(&msg->item, &sd->status.inventory[n], sizeof(struct item));
 		msg->item.amount = sd->mail.amount;
+		if (msg->item.amount != sd->mail.amount)  // check for amount overflow
+			return false;
 	}
 	else
 		memset(&msg->item, 0x00, sizeof(struct item));
-- 
cgit v1.2.3-60-g2f50