authorshennetsind <ind@henn.et>2015-01-17 18:49:03 -0200
committershennetsind <ind@henn.et>2015-01-17 18:49:03 -0200
commit3e53a34615c2535dbed3d7c2c7a00f1ef3eaff0a (patch)
tree2f646d420976e459ef585debfca2ae55d3185528
parent348044f12d5f683c8945e0eac642f2795050fb4e (diff)
Another ~10 Fixes
Addressing out of bounds read/write. Special Thanks to 4144 and Haruna! Signed-off-by: shennetsind <ind@henn.et>
-rw-r--r--src/char/pincode.c4
-rw-r--r--src/map/battle.c2
-rw-r--r--src/map/duel.c2
-rw-r--r--src/map/itemdb.c2
-rw-r--r--src/map/npc.c3
-rw-r--r--src/map/path.c6
-rw-r--r--src/map/script.c2
-rw-r--r--src/map/skill.c3
-rw-r--r--src/map/unit.c4
9 files changed, 18 insertions, 10 deletions
diff --git a/src/char/pincode.c b/src/char/pincode.c
index e0ee9557d..02c71b3b6 100644
--- a/src/char/pincode.c
+++ b/src/char/pincode.c
@@ -78,7 +78,7 @@ void pincode_change(int fd, struct char_session_data* sd) {
safestrncpy(newpin, (char*)RFIFOP(fd,10), sizeof(newpin));
pincode->decrypt(sd->pincode_seed,newpin);
pincode->update( sd->account_id, newpin );
- strncpy(sd->pincode, newpin, sizeof(sd->pincode));
+ safestrncpy(sd->pincode, newpin, sizeof(sd->pincode));
pincode->sendstate( fd, sd, PINCODE_ASK );
}
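Review bot: Between the copy from `RFIFOP(fd,10)` and `pincode->update( sd->account_id, newpin )` nothing visible checks that `newpin` is a well-formed PIN, so whatever bytes the client sent are decrypted and persisted. A format check after the decrypt and before the update, for example `if (strspn(newpin, "0123456789") != 4) return;` plus whatever rejection reply the protocol expects, would keep malformed values out of storage. The 5-byte field in pincode_notifyLoginPinUpdate suggests four digits plus NUL. If `pincode->decrypt` itself assumes digit input (its body is not shown), the check belongs before that call instead. pincode_change begins outside the hunk, so checks on the old PIN or the packet length may already exist there.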
@@ -114,7 +114,7 @@ void pincode_notifyLoginPinUpdate(int account_id, char* pin) {
WFIFOHEAD(chr->login_fd,11);
WFIFOW(chr->login_fd,0) = 0x2738;
WFIFOL(chr->login_fd,2) = account_id;
- strncpy( (char*)WFIFOP(chr->login_fd,6), pin, 5 );
+ safestrncpy( (char*)WFIFOP(chr->login_fd,6), pin, 5 );
WFIFOSET(chr->login_fd,11);
}
diff --git a/src/map/battle.c b/src/map/battle.c
index 998fad0af..7e7317935 100644
--- a/src/map/battle.c
+++ b/src/map/battle.c
@@ -303,7 +303,7 @@ int battle_attr_ratio(int atk_elem,int def_type, int def_lv)
if (atk_elem < 0 || atk_elem >= ELE_MAX)
return 100;
- if (def_type < 0 || def_type > ELE_MAX || def_lv < 1 || def_lv > 4)
+ if (def_type < 0 || def_type >= ELE_MAX || def_lv < 1 || def_lv > 4)
return 100;
return battle->attr_fix_table[def_lv-1][atk_elem][def_type];
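Review bot: `def_lv > 4` on the corrected line is still a bare literal guarding the first index of `battle->attr_fix_table`, the same kind of hand-written bound that was off by one for `def_type`. If the table is a true array member, deriving the limit from it, `def_lv > (int)ARRAYLENGTH(battle->attr_fix_table)`, keeps the check and the declaration from drifting apart. The unit.c hunk has the same pattern: the loop bound changed from 9 to 8 is tied to `dirx`/`diry`, and `i < (int)ARRAYLENGTH(dirx)` would have prevented the original overrun, assuming those are arrays in scope. The declarations are outside both hunks.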
diff --git a/src/map/duel.c b/src/map/duel.c
index 0ae2770c4..98fa91d3e 100644
--- a/src/map/duel.c
+++ b/src/map/duel.c
@@ -80,7 +80,7 @@ int duel_create(struct map_session_data* sd, const unsigned int maxpl) {
int i=1;
char output[256];
- while(duel->list[i].members_count > 0 && i < MAX_DUEL) i++;
+ while(i < MAX_DUEL && duel->list[i].members_count > 0) i++;
if(i == MAX_DUEL) return 0;
duel->count++;
diff --git a/src/map/itemdb.c b/src/map/itemdb.c
index 8b6dfba63..b537d69be 100644
--- a/src/map/itemdb.c
+++ b/src/map/itemdb.c
@@ -2242,7 +2242,7 @@ void itemdb_reload(void) {
if (k == MAX_SEARCH)
continue;
- if (id->mob[k].id != i)
+ if (id->mob[k].id != i && k != MAX_SEARCH - 1)
memmove(&id->mob[k+1], &id->mob[k], (MAX_SEARCH-k-1)*sizeof(id->mob[0]));
id->mob[k].chance = entry->dropitem[d].p;
id->mob[k].id = i;
diff --git a/src/map/npc.c b/src/map/npc.c
index 28709d34f..8ecefb5a0 100644
--- a/src/map/npc.c
+++ b/src/map/npc.c
@@ -3605,7 +3605,8 @@ const char* npc_parse_mob(char* w1, char* w2, char* w3, char* w4, const char* st
}
if (mobspawn.num > db->spawn[i].qty) {
//Insert into list
- memmove(&db->spawn[i+1], &db->spawn[i], sizeof(db->spawn) -(i+1)*sizeof(db->spawn[0]));
+ if( i != ARRAYLENGTH(db->spawn) - 1 )
+ memmove(&db->spawn[i+1], &db->spawn[i], sizeof(db->spawn) -(i+1)*sizeof(db->spawn[0]));
db->spawn[i].mapindex = map_id2index(mobspawn.m);
db->spawn[i].qty = mobspawn.num;
break;
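Review bot: The new guard `i != ARRAYLENGTH(db->spawn) - 1` only skips the zero-length case. If `i` ever reached `ARRAYLENGTH(db->spawn)` or beyond, the test would pass and `sizeof(db->spawn) -(i+1)*sizeof(db->spawn[0])` would wrap to a very large size_t. Writing it as `if( i < ARRAYLENGTH(db->spawn) - 1 )` covers both cases. The loop that bounds `i` is outside the hunk, so this may be unreachable today, but the ordered comparison costs nothing and stays safe if that loop changes.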
diff --git a/src/map/path.c b/src/map/path.c
index a7315da3c..600dfc082 100644
--- a/src/map/path.c
+++ b/src/map/path.c
@@ -255,6 +255,12 @@ bool path_search(struct walkpath_data *wpd, int16 m, int16 x0, int16 y0, int16 x
// Check destination cell
if (x1 < 0 || x1 >= md->xs || y1 < 0 || y1 >= md->ys || md->getcellp(md,x1,y1,cell))
return false;
+
+ if( x0 == x1 && y0 == y1 ) {
+ wpd->path_len = 0;
+ wpd->path_pos = 0;
+ return true;
+ }
if (flag&1) {
// Try finding direct path to target
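Review bot: The added same-cell early return has no comment, and nothing in the hunk says which later access it protects, although the commit describes these changes as out-of-bounds fixes. A one-line comment above the block, such as `// Start and destination are the same cell: return an empty path instead of running the search`, would record the intent. The comment could also state that only `path_len` and `path_pos` are set in this case. path_search starts and continues outside the hunk; the block writes through `wpd`, so it relies on `wpd` being non-NULL at this point, which is not visible here.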
diff --git a/src/map/script.c b/src/map/script.c
index 612bfa69e..2249d53cc 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -12421,7 +12421,7 @@ BUILDIN(getinventorylist){
BUILDIN(getcartinventorylist){
TBL_PC *sd=script->rid2sd(st);
- char card_var[NAME_LENGTH];
+ char card_var[26];
int i,j=0,k;
if(!sd) return true;
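Review bot: `char card_var[26];` swaps a named constant for an unexplained literal, and the code that fills the buffer is outside the hunk, so the size is only correct while that format string and its index range stay as they are. A comment on the declaration naming what it must hold, e.g. `/* longest variable name written below, plus NUL */`, would document the dependency. If the buffer is filled by an unbounded formatted write, `snprintf(card_var, sizeof(card_var), ...)` at that place would turn a future overflow into a truncation. The getinventorylist builtin named in the hunk header may declare a similar buffer and deserves the same check.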
diff --git a/src/map/skill.c b/src/map/skill.c
index 749f06799..8c1d7e1e5 100644
--- a/src/map/skill.c
+++ b/src/map/skill.c
@@ -10877,7 +10877,7 @@ int skill_castend_pos2(struct block_list* src, int x, int y, uint16 skill_id, ui
case SO_FIREWALK:
case SO_ELECTRICWALK:
- if( sc && sc->data[type] )
+ if( sce )
status_change_end(src,type,INVALID_TIMER);
clif->skill_nodamage(src, src ,skill_id, skill_lv,
sc_start2(src,src, type, 100, skill_id, skill_lv, skill->get_time(skill_id, skill_lv)));
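Review bot: The guard now tests `sce`, but `type` is still passed unchecked to `status_change_end` and to `sc_start2` on the following lines. If the out-of-bounds access being fixed came from `type` falling outside `sc->data`, those calls should be confirmed to reject such a value, or the case should bail out early when `type` is invalid. `sce` and `type` are assigned outside the hunk, so this cannot be verified from here.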
@@ -18849,6 +18849,7 @@ bool skill_parse_row_improvisedb(char* split[], int columns, int current) {
}
if( current >= MAX_SKILL_IMPROVISE_DB ) {
ShowError("skill_improvise_db: Maximum amount of entries reached (%d), increase MAX_SKILL_IMPROVISE_DB\n",MAX_SKILL_IMPROVISE_DB);
+ return false;
}
skill->improvise_db[current].skill_id = skill_id;
skill->improvise_db[current].per = j; // Still need confirm it.
diff --git a/src/map/unit.c b/src/map/unit.c
index 7f41f4709..a6edef408 100644
--- a/src/map/unit.c
+++ b/src/map/unit.c
@@ -1971,8 +1971,8 @@ bool unit_can_reach_bl(struct block_list *bl,struct block_list *tbl, int range,
if (map->getcell(tbl->m,tbl->x-dx,tbl->y-dy,CELL_CHKNOPASS)) {
//Look for a suitable cell to place in.
- for(i=0;i<9 && map->getcell(tbl->m,tbl->x-dirx[i],tbl->y-diry[i],CELL_CHKNOPASS);i++);
- if (i==9) return false; //No valid cells.
+ for(i=0;i<8 && map->getcell(tbl->m,tbl->x-dirx[i],tbl->y-diry[i],CELL_CHKNOPASS);i++);
+ if (i==8) return false; //No valid cells.
dx = dirx[i];
dy = diry[i];
}