Fixed defense overflow exploit

* The defense penalty for being attacked by many enemies at the same time can no longer make DEF go negative
* Fixed two potential overflow exploits

When being hit by a lot of monsters, your DEF will become negative and then eventually overflow, making you almost invincible.

On official servers the simultaneous attacker count is limited to 22. So at max, your def is reduced by ((22-2)*5%) = 100%. So it should neither be able to make your DEF negative nor cause an overflow.

Merge from https://github.com/rathena/rathena/commit/590f42cd15c58de78cff8be6053109852375bce1#diff-d96b6365b4bdad78139e676d6e7e3295R4589

2 files changed, 2 insertions, 1 deletions

diff --git a/src/map/battle.c b/src/map/battle.c
index fceb30be1..16b503e9d 100644
--- a/src/map/battle.c
+++ b/src/map/battle.c
@@ -1382,6 +1382,7 @@ static int64 battle_calc_defense(int attack_type, struct block_list *src, struct
 #ifndef RENEWAL
 				if(skill_id == AM_ACIDTERROR) def1 = 0; //Acid Terror ignores only armor defense. [Skotlex]
 #endif
+				def1 = max(def1, 0);
 				if(def2 < 1) def2 = 1;
 			}
 			//Vitality reduction from rodatazone: http://rodatazone.simgaming.net/mechanics/substats.php#def
diff --git a/src/map/unit.c b/src/map/unit.c
index 9174bdccd..371be03db 100644
--- a/src/map/unit.c
+++ b/src/map/unit.c
@@ -1836,7 +1836,7 @@ static int unit_set_target(struct unit_data *ud, int target_id)
 		struct block_list* target;
 		if (ud->target && (target = map->id2bl(ud->target)) != NULL && (ux = unit->bl2ud(target)) != NULL && ux->target_count > 0)
 			--ux->target_count;
-		if (target_id && (target = map->id2bl(target_id)) != NULL && (ux = unit->bl2ud(target)) != NULL)
+		if (target_id && (target = map->id2bl(target_id)) != NULL && (ux = unit->bl2ud(target)) != NULL && ux->target_count < UCHAR_MAX)
 			++ux->target_count;
 	}