Merge pull request #2540 from dastgirp/fix/buffer-overflow-npcshopdel

Fixed heap-buffer-overflow on npcshopdelitem
author: Haru <haru@dotalux.com> 2019-10-18 12:38:00 +0200
committer: GitHub <noreply@github.com> 2019-10-18 12:38:00 +0200
commit: be66e6f50c078cb712b8152357325fdaa6d9f35f (patch)
tree: dfc92d7a13c41f5ae55265fd9358072364a48449
parent: 9c5fb5b20cb2ada454f6acc39b9ad0c30d86cc55 (diff)
parent: d3bf0f5d82f83ddd352047318e292194d98454ab (diff)
download: hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.gz
hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.bz2
hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.xz
hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.zip
1 files changed, 5 insertions, 3 deletions
diff --git a/src/map/script.c b/src/map/script.c
index 0fe97574c..fffe57c34 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -18494,10 +18494,12 @@ static BUILDIN(npcshopdelitem)
 		unsigned int nameid = script_getnum(st,i);
 
 		ARR_FIND(0, size, n, nd->u.shop.shop_item[n].nameid == nameid);
-		if (n < size) {
-			memmove(&nd->u.shop.shop_item[n], &nd->u.shop.shop_item[n+1], sizeof(nd->u.shop.shop_item[0])*(size-n));
-			size--;
+		if (n == size) {
+			continue;
+		} else if (n < size - 1) {
+			memmove(&nd->u.shop.shop_item[n], &nd->u.shop.shop_item[n+1], sizeof(nd->u.shop.shop_item[0]) * (size - n - 1));
 		}
+		size--;
 	}
 
 	RECREATE(nd->u.shop.shop_item, struct npc_item_list, size);
author	Haru <haru@dotalux.com>	2019-10-18 12:38:00 +0200
committer	GitHub <noreply@github.com>	2019-10-18 12:38:00 +0200
commit	be66e6f50c078cb712b8152357325fdaa6d9f35f (patch)
tree	dfc92d7a13c41f5ae55265fd9358072364a48449
parent	9c5fb5b20cb2ada454f6acc39b9ad0c30d86cc55 (diff)
parent	d3bf0f5d82f83ddd352047318e292194d98454ab (diff)
download	hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.gz hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.bz2 hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.tar.xz hercules-be66e6f50c078cb712b8152357325fdaa6d9f35f.zip