Add check for valid item amount to BUILDIN(rodex_sendmail2)

1 files changed, 14 insertions, 1 deletions

diff --git a/src/map/script.c b/src/map/script.c
index 1448715a7..1f49f04b9 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -25335,6 +25335,19 @@ static BUILDIN(rodex_sendmail2)
 			ShowError("script:rodex_sendmail: Missing Item %d amount!\n", (i + 1));
 			return false;
 		}
+
+		if (!data_isint(script_getdata(st, param + 1))) {
+			ShowError("script:rodex_sendmail: Passed amount for item %d is not a number!\n", i + 1);
+			return false;
+		}
+
+		int amount = script_getnum(st, param + 1);
+
+		if (amount < 1 || amount > min(MAX_AMOUNT, SHRT_MAX)) {
+			ShowError("script:rodex_sendmail: Invalid amount %d passed for item %d!\n", amount, i + 1);
+			return false;
+		}
+
 		if (!script_hasdata(st, param + 2)) {
 			ShowError("script:rodex_sendmail: Missing Item %d refine!\n", (i + 1));
 			return false;
@@ -25367,7 +25380,7 @@ static BUILDIN(rodex_sendmail2)
 		}
 
 		msg.items[i].item.nameid = idata->nameid;
-		msg.items[i].item.amount = script_getnum(st, (param + 1));
+		msg.items[i].item.amount = amount;
 		msg.items[i].item.refine = script_getnum(st, (param + 2));
 		msg.items[i].item.attribute = script_getnum(st, (param + 3));
 		msg.items[i].item.identify = 1;