From a8ec74c0aaccf90920e33c8cfa0088359c853cfa Mon Sep 17 00:00:00 2001
From: Ben Longbons <b.r.longbons@gmail.com>
Date: Wed, 16 Apr 2014 13:46:55 -0700
Subject: Fix array out-of-bounds in trades

---
 src/map/trade.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/map/trade.cpp b/src/map/trade.cpp
index f358d90..c877d00 100644
--- a/src/map/trade.cpp
+++ b/src/map/trade.cpp
@@ -260,8 +260,11 @@ void trade_tradeok(dumb_ptr<map_session_data> sd)
 
     for (trade_i = 0; trade_i < TRADE_MAX; trade_i++)
     {
+        int index = sd->deal_item_index[trade_i];
+        if (index < 2 || index >= MAX_INVENTORY + 2)
+            continue;
         if (sd->deal_item_amount[trade_i] >
-            sd->status.inventory[sd->deal_item_index[trade_i] - 2].amount
+            sd->status.inventory[index - 2].amount
             || sd->deal_item_amount[trade_i] < 0)
         {
             trade_tradecancel(sd);
-- 
cgit v1.2.3-60-g2f50