- Fixed the start_point setting smashing t3h stack in some situations

- Fixed some over/under-dimensioned arrays (the map length defines already reserve space for the string terminator)
- Fixed an unupdated define making Warp Portal fail with an error
- Fixed some skill entries of the Galion mob

git-svn-id: https://rathena.svn.sourceforge.net/svnroot/rathena/trunk@10168 54d463be-8e91-2dee-dedb-b68131a5f0ec

5 files changed, 14 insertions, 16 deletions

diff --git a/src/char/char.c b/src/char/char.c
index 46379bf30..a9c9532e1 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -4152,9 +4152,9 @@ int char_config_read(const char *cfgName) {
 		} else if (strcmpi(w1, "save_log") == 0) {
 			save_log = config_switch(w2);
 		} else if (strcmpi(w1, "start_point") == 0) {
-			char map[MAP_NAME_LENGTH];
+			char map[MAP_NAME_LENGTH_EXT];
 			int x, y;
-			if (sscanf(w2, "%16[^,],%d,%d", map, &x, &y) < 3)
+			if (sscanf(w2, "%15[^,],%d,%d", map, &x, &y) < 3)
 				continue;
 			start_point.map = mapindex_name2id(map);
 			if (!start_point.map) {
diff --git a/src/char_sql/char.c b/src/char_sql/char.c
index a0c780cb9..f7b97bc7a 100644
--- a/src/char_sql/char.c
+++ b/src/char_sql/char.c
@@ -4025,7 +4025,7 @@ int char_config_read(const char *cfgName) {
 		} else if (strcmpi(w1, "start_point") == 0) {
 			char map[MAP_NAME_LENGTH_EXT];
 			int x, y;
-			if (sscanf(w2, "%16[^,],%d,%d", map, &x, &y) < 3)
+			if (sscanf(w2, "%15[^,],%d,%d", map, &x, &y) < 3)
 				continue;
 			start_point.map = mapindex_name2id(map);
 			if (!start_point.map)
diff --git a/src/common/mapindex.c b/src/common/mapindex.c
index cc847e538..b8bb12c18 100644
--- a/src/common/mapindex.c
+++ b/src/common/mapindex.c
@@ -12,9 +12,8 @@
 
 #define MAX_MAPINDEX 2000
 
-//Leave an extra char of space to hold the terminator, in case for the strncpy(mapindex_id2name()) calls.
 struct indexes {
-	char name[MAP_NAME_LENGTH+1]; //Stores map name
+	char name[MAP_NAME_LENGTH]; //Stores map name
 	char exists; //Set to 1 if index exists
 } indexes[MAX_MAPINDEX];
 
@@ -42,14 +41,14 @@ char *mapindex_normalize_name(char *mapname)
 /// Returns 1 if successful, 0 oherwise
 int mapindex_addmap(int index, const char *name)
 {
-	char map_name[1024];
+	char map_name[MAP_NAME_LENGTH_EXT];
 
 	if (index < 0 || index >= MAX_MAPINDEX) {
 		ShowError("(mapindex_add) Map index (%d) for \"%s\" out of range (max is %d)\n", index, name, MAX_MAPINDEX);
 		return 0;
 	}
 
-	snprintf(map_name, 1024, "%s", name);
+	snprintf(map_name, MAP_NAME_LENGTH_EXT, "%s", name);
 	mapindex_normalize_name(map_name);
 
 	if (strlen(map_name) > MAP_NAME_LENGTH-1) {
@@ -60,7 +59,7 @@ int mapindex_addmap(int index, const char *name)
 	if (indexes[index].exists)
 		ShowWarning("(mapindex_add) Overriding index %d: map \"%s\" -> \"%s\"\n", index, indexes[index].name, map_name);
 
-	strncpy(indexes[index].name, map_name, MAP_NAME_LENGTH);
+	snprintf(indexes[index].name, MAP_NAME_LENGTH, "%s", map_name);
 	indexes[index].exists = 1;
 	if (max_index <= index)
 		max_index = index+1;
@@ -70,9 +69,9 @@ int mapindex_addmap(int index, const char *name)
 unsigned short mapindex_name2id(const char* name) {
 	//TODO: Perhaps use a db to speed this up? [Skotlex]
 	int i;
-	char map_name[1024];
+	char map_name[MAP_NAME_LENGTH_EXT];
 
-	snprintf(map_name, 1024, "%s", name);
+	snprintf(map_name, MAP_NAME_LENGTH_EXT, "%s", name);
 	mapindex_normalize_name(map_name);
 
 	for (i = 1; i < max_index; i++)
@@ -107,7 +106,7 @@ void mapindex_init(void) {
 	char line[1024];
 	int last_index = -1;
 	int index;
-	char map_name[1024];
+	char map_name[1024]; // only MAP_NAME_LENGTH(_EXT) under safe conditions
 	
 	memset (&indexes, 0, sizeof (indexes));
 	fp=fopen(mapindex_cfgfile,"r");
@@ -119,7 +118,7 @@ void mapindex_init(void) {
 		if(line[0] == '/' && line[1] == '/')
 			continue;
 
-		switch (sscanf(line,"%1000s\t%d",map_name,&index)) {
+		switch (sscanf(line,"%s\t%d",map_name,&index)) {
 			case 1: //Map with no ID given, auto-assign
 				index = last_index+1;
 			case 2: //Map with ID given
diff --git a/src/map/atcommand.c b/src/map/atcommand.c
index 2ce3009eb..916bf2387 100644
--- a/src/map/atcommand.c
+++ b/src/map/atcommand.c
@@ -5433,7 +5433,7 @@ int atcommand_mapinfo(const int fd, struct map_session_data* sd, const char* com
 
 	if (atcmd_player_name[0] == '\0') {
 		memcpy(atcmd_player_name, mapindex_id2name(sd->mapindex), MAP_NAME_LENGTH_EXT);
-		atcmd_player_name[MAP_NAME_LENGTH_EXT] = '\0';
+		atcmd_player_name[MAP_NAME_LENGTH_EXT-1] = '\0';
 		m_id =  map_mapindex2mapid(sd->mapindex);
 	} else {
 		m_id = map_mapname2mapid(atcmd_player_name);
diff --git a/src/map/skill.c b/src/map/skill.c
index b44219db1..0bd3f288e 100644
--- a/src/map/skill.c
+++ b/src/map/skill.c
@@ -6095,8 +6095,7 @@ int skill_castend_pos2 (struct block_list *src, int x, int y, int skillid, int s
 			if (skilllv>3 && sd->status.memo_point[2].map)
 				snprintf(memo[3], MAP_NAME_LENGTH_EXT, "%s.gat", mapindex_id2name(sd->status.memo_point[2].map));
 
-			clif_skill_warppoint(sd,skillid,skilllv,
-				memo[0],memo[1],memo[2],memo[3]);
+			clif_skill_warppoint(sd,skillid,skilllv, memo[0],memo[1],memo[2],memo[3]);
 		}
 		break;
 
@@ -6314,7 +6313,7 @@ int skill_castend_map (struct map_session_data *sd, int skill_num, const char *m
 	if( skill_num != sd->menuskill_id) 
 		return 0;
 
-	if (strlen(map) > MAP_NAME_LENGTH-1)
+	if (strlen(map) > MAP_NAME_LENGTH_EXT-1)
 	{	//Map_length check, as it is sent by the client and we shouldn't trust it [Skotlex]
 		if (battle_config.error_log)
 			ShowError("skill_castend_map: Received map name '%s' too long!\n", map);