-rw-r--r--src/char/char.c108
-rw-r--r--src/char/int_auction.c8
-rw-r--r--src/char/int_elemental.c4
-rw-r--r--src/char/int_guild.c48
-rw-r--r--src/char/int_homun.c7
-rw-r--r--src/char/int_mail.c12
-rw-r--r--src/char/int_mercenary.c6
-rw-r--r--src/char/int_party.c14
-rw-r--r--src/char/int_pet.c6
-rw-r--r--src/char/int_quest.c5
-rw-r--r--src/char/int_storage.c8
-rw-r--r--src/char/inter.c24
-rw-r--r--src/char/loginif.c9
-rw-r--r--src/char/pincode.c15
14 files changed, 237 insertions, 37 deletions
diff --git a/src/char/char.c b/src/char/char.c
index 83bb36a34..756b7397a 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -39,6 +39,7 @@
#include "../common/malloc.h"
#include "../common/mapindex.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/strlib.h"
@@ -317,6 +318,7 @@ static int char_db_setoffline(DBKey key, DBData *data, va_list ap)
{
struct online_char_data* character = (struct online_char_data*)DB->data2ptr(data);
int server_id = va_arg(ap, int);
+ nullpo_ret(character);
if (server_id == -1) {
character->char_id = -1;
character->server = -1;
@@ -336,12 +338,13 @@ static int char_db_kickoffline(DBKey key, DBData *data, va_list ap)
{
struct online_char_data* character = (struct online_char_data*)DB->data2ptr(data);
int server_id = va_arg(ap, int);
+ nullpo_ret(character);
if (server_id > -1 && character->server != server_id)
return 0;
//Kick out any connected characters, and set them offline as appropriate.
- if (character->server > -1)
+ if (character->server > -1 && character->server < MAX_MAP_SERVERS)
mapif->disconnectplayer(chr->server[character->server].fd, character->account_id, character->char_id, 1);
else if (character->waiting_disconnect == INVALID_TIMER)
chr->set_char_offline(character->char_id, character->account_id);
@@ -404,7 +407,8 @@ int char_mmo_char_tosql(int char_id, struct mmo_charstatus* p)
int errors = 0; //If there are any errors while saving, "cp" will not be updated at the end.
StringBuf buf;
- if (char_id!=p->char_id) return 0;
+ nullpo_ret(p);
+ if (char_id != p->char_id) return 0;
cp = idb_ensure(chr->char_db_, char_id, chr->create_charstatus);
@@ -1008,6 +1012,9 @@ int char_mmo_chars_fromsql(struct char_session_data* sd, uint8* buf)
time_t unban_time = 0;
char sex[2];
+ nullpo_ret(sd);
+ nullpo_ret(buf);
+
stmt = SQL->StmtMalloc(inter->sql_handle);
if( stmt == NULL ) {
SqlStmt_ShowDebug(stmt);
@@ -1075,6 +1082,8 @@ int char_mmo_chars_fromsql(struct char_session_data* sd, uint8* buf)
}
for( i = 0; i < MAX_CHARS && SQL_SUCCESS == SQL->StmtNextRow(stmt); i++ ) {
+ if (p.slot >= MAX_CHARS)
+ continue;
p.last_point.map = mapindex->name2id(last_map);
sd->found_char[p.slot] = p.char_id;
sd->unban_time[p.slot] = unban_time;
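Review bot: The out-of-range row is dropped silently at `if (p.slot >= MAX_CHARS) continue;`, so a character whose stored slot is corrupt simply vanishes from the account's list with nothing in the server log. This state only arises when the database holds a value the server never writes itself, which is exactly what an operator wants to see, so a `ShowWarning("char_mmo_chars_fromsql: char %d of account %d has invalid slot %d, skipping\n", p.char_id, sd->account_id, p.slot);` belongs before the `continue`. If the slot field is a signed type the comparison also lets negative values through — worth confirming against the struct definition, which is outside this hunk. The enclosing loop and function continue past the hunk.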
@@ -1122,6 +1131,8 @@ int char_mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_every
int account_id;
char sex[2];
+ nullpo_ret(p);
+
memset(p, 0, sizeof(struct mmo_charstatus));
if (save_log) ShowInfo("Char load request (%d)\n", char_id);
@@ -1325,8 +1336,9 @@ int char_mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_every
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 7, SQLDT_UINT, &tmp_item.expire_time, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 8, SQLDT_UCHAR, &tmp_item.bound, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 9, SQLDT_UINT64, &tmp_item.unique_id, 0, NULL, NULL)
- )
+ ) {
SqlStmt_ShowDebug(stmt);
+ }
for( i = 0; i < MAX_SLOTS; ++i )
if( SQL_ERROR == SQL->StmtBindColumn(stmt, 10+i, SQLDT_SHORT, &tmp_item.card[i], 0, NULL, NULL) )
SqlStmt_ShowDebug(stmt);
@@ -1348,8 +1360,9 @@ int char_mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_every
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 0, SQLDT_USHORT, &tmp_skill.id , 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 1, SQLDT_UCHAR , &tmp_skill.lv , 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 2, SQLDT_UCHAR , &tmp_skill.flag, 0, NULL, NULL)
- )
+ ) {
SqlStmt_ShowDebug(stmt);
+ }
if( tmp_skill.flag != SKILL_FLAG_PERM_GRANTED )
tmp_skill.flag = SKILL_FLAG_PERMANENT;
@@ -1370,8 +1383,10 @@ int char_mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_every
|| SQL_ERROR == SQL->StmtExecute(stmt)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &tmp_friend.account_id, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 1, SQLDT_INT, &tmp_friend.char_id, 0, NULL, NULL)
- || SQL_ERROR == SQL->StmtBindColumn(stmt, 2, SQLDT_STRING, &tmp_friend.name, sizeof(tmp_friend.name), NULL, NULL) )
+ || SQL_ERROR == SQL->StmtBindColumn(stmt, 2, SQLDT_STRING, &tmp_friend.name, sizeof(tmp_friend.name), NULL, NULL)
+ ) {
SqlStmt_ShowDebug(stmt);
+ }
for( i = 0; i < MAX_FRIENDS && SQL_SUCCESS == SQL->StmtNextRow(stmt); ++i )
memcpy(&p->friends[i], &tmp_friend, sizeof(tmp_friend));
@@ -1414,8 +1429,10 @@ int char_mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_every
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &p->bank_vault, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 1, SQLDT_USHORT, &p->mod_exp, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 2, SQLDT_USHORT, &p->mod_drop, 0, NULL, NULL)
- || SQL_ERROR == SQL->StmtBindColumn(stmt, 3, SQLDT_USHORT, &p->mod_death, 0, NULL, NULL) )
+ || SQL_ERROR == SQL->StmtBindColumn(stmt, 3, SQLDT_USHORT, &p->mod_death, 0, NULL, NULL)
+ ) {
SqlStmt_ShowDebug(stmt);
+ }
if( SQL_SUCCESS == SQL->StmtNextRow(stmt) )
strcat(t_msg, " accdata");
@@ -1473,7 +1490,8 @@ bool char_char_slotchange(struct char_session_data *sd, int fd, unsigned short f
/* update both at once */
if( SQL_SUCCESS != SQL->QueryStr(inter->sql_handle, "START TRANSACTION")
|| SQL_SUCCESS != SQL->Query(inter->sql_handle, "UPDATE `%s` SET `char_num`='%d' WHERE `char_id`='%d' LIMIT 1", char_db, from, sd->found_char[to])
- || SQL_SUCCESS != SQL->Query(inter->sql_handle, "UPDATE `%s` SET `char_num`='%d' WHERE `char_id`='%d' LIMIT 1", char_db, to, sd->found_char[from]) )
+ || SQL_SUCCESS != SQL->Query(inter->sql_handle, "UPDATE `%s` SET `char_num`='%d' WHERE `char_id`='%d' LIMIT 1", char_db, to, sd->found_char[from])
+ )
Sql_ShowDebug(inter->sql_handle);
else
result = true;
@@ -1508,12 +1526,17 @@ int char_rename_char_sql(struct char_session_data *sd, int char_id)
struct mmo_charstatus char_dat;
char esc_name[NAME_LENGTH*2+1];
+ nullpo_retr(2, sd);
+
if( sd->new_name[0] == 0 ) // Not ready for rename
return 2;
if( !chr->mmo_char_fromsql(char_id, &char_dat, false) ) // Only the short data is needed.
return 2;
+ if (sd->account_id != char_dat.account_id) // Try rename not own char
+ return 2;
+
if( char_dat.rename == 0 )
return 1;
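Review bot: The new ownership check `if (sd->account_id != char_dat.account_id) return 2;` rejects the request but leaves no trace, and `2` is the same result already used for "not ready for rename", so an operator cannot distinguish a tampered client from an ordinary early retry. A mismatch here can only come from a client naming a char_id it does not own, which is worth recording: `ShowWarning("char_rename_char_sql: account %d requested rename of char %d owned by account %d\n", sd->account_id, char_id, char_dat.account_id);` before the return. Where the result codes are interpreted is outside the hunk.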
@@ -1556,8 +1579,11 @@ int char_check_char_name(char * name, char * esc_name)
{
int i;
+ nullpo_retr(-2, name);
+ nullpo_retr(-2, esc_name);
+
// check length of character name
- if( name[0] == '\0' )
+ if (name[0] == '\0')
return -2; // empty character name
/**
* The client does not allow you to create names with less than 4 characters, however,
@@ -2027,6 +2053,7 @@ void char_mmo_char_send_ban_list(int fd, struct char_session_data *sd) {
int i;
time_t now = time(NULL);
+ nullpo_retv(sd);
ARR_FIND(0, MAX_CHARS, i, sd->unban_time[i]);
if( i != MAX_CHARS ) {
int c;
@@ -2063,6 +2090,7 @@ void char_mmo_char_send_ban_list(int fd, struct char_session_data *sd) {
// [Ind/Hercules] notify client about charselect window data
//----------------------------------------
void char_mmo_char_send_slots_info(int fd, struct char_session_data* sd) {
+ nullpo_retv(sd);
WFIFOHEAD(fd,29);
WFIFOW(fd,0) = 0x82d;
WFIFOW(fd,2) = 29;
@@ -2080,6 +2108,7 @@ void char_mmo_char_send_slots_info(int fd, struct char_session_data* sd) {
int char_mmo_char_send_characters(int fd, struct char_session_data* sd)
{
int j, offset = 0;
+ nullpo_ret(sd);
#if PACKETVER >= 20100413
offset += 3;
#endif
@@ -2201,6 +2230,8 @@ static void char_auth_ok(int fd, struct char_session_data *sd)
{
struct online_char_data* character;
+ nullpo_retv(sd);
+
if( (character = (struct online_char_data*)idb_get(chr->online_char_db, sd->account_id)) != NULL ) {
// check if character is not online already. [Skotlex]
if (character->server > -1) {
@@ -2356,7 +2387,8 @@ void char_parse_fromlogin_account_data(int fd)
void char_parse_fromlogin_login_pong(int fd)
{
RFIFOSKIP(fd,2);
- session[fd]->flag.ping = 0;
+ if (session[fd])
+ session[fd]->flag.ping = 0;
}
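Review bot: The added `if (session[fd])` guard sits after `RFIFOSKIP(fd,2)`, which already operates on the same session; if that macro or its callee dereferences `session[fd]`, the null check runs too late to protect anything. Either move it above the skip as `if (!session[fd]) return;`, or drop it if the caller guarantees a live session, so the code does not suggest a protection it does not provide.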
void char_changesex(int account_id, int sex)
@@ -2870,7 +2902,7 @@ void char_update_fame_list(int type, int index, int fame) {
mapif->sendall(buf, 8);
}
-//Loads a character's name and stores it in the buffer given (must be NAME_LENGTH in size)
+//Loads a character's name and stores it in the buffer given (must be NAME_LENGTH in size) and not NULL
//Returns 1 on found, 0 on not found (buffer is filled with Unknown char name)
int char_loadName(int char_id, char* name)
{
@@ -2943,6 +2975,7 @@ void mapif_on_disconnect(int id)
}
void mapif_on_parse_accinfo(int account_id, int u_fd, int u_aid, int u_group, int map_fd) {
+ Assert_retv(chr->login_fd > 0);
WFIFOHEAD(chr->login_fd,22);
WFIFOW(chr->login_fd,0) = 0x2740;
WFIFOL(chr->login_fd,2) = account_id;
@@ -2964,7 +2997,7 @@ void char_parse_frommap_skillid2idx(int fd)
int i;
int j = RFIFOW(fd, 2) - 4;
- memset(&skillid2idx, 0, sizeof(skillid2idx));
+ memset(&skillid2idx, 0, sizeof(skillid2idx));
if( j )
j /= 4;
for(i = 0; i < j; i++) {
@@ -3348,6 +3381,8 @@ void char_ban(int account_id, int char_id, time_t *unban_time, short year, short
struct tm *tmtime;
SqlStmt* stmt = SQL->StmtMalloc(inter->sql_handle);
+ nullpo_retv(unban_time);
+
if (*unban_time == 0 || *unban_time < time(NULL))
timestamp = time(NULL); // new ban
else
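Review bot: `nullpo_retv(unban_time)` returns after `SqlStmt* stmt = SQL->StmtMalloc(inter->sql_handle);` has already executed, so the early exit leaks the statement handle that the normal path presumably frees further down. Declare `SqlStmt *stmt;` with the other locals, place `nullpo_retv(unban_time);` after the declarations, and only then do `stmt = SQL->StmtMalloc(inter->sql_handle);`. The rest of char_ban is outside the hunk.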
@@ -3363,13 +3398,12 @@ void char_ban(int account_id, int char_id, time_t *unban_time, short year, short
timestamp = mktime(tmtime);
if( SQL_SUCCESS != SQL->StmtPrepare(stmt,
- "UPDATE `%s` SET `unban_time` = ? WHERE `char_id` = ? LIMIT 1",
- char_db)
+ "UPDATE `%s` SET `unban_time` = ? WHERE `char_id` = ? LIMIT 1",
+ char_db)
|| SQL_SUCCESS != SQL->StmtBindParam(stmt, 0, SQLDT_LONG, (void*)&timestamp, sizeof(timestamp))
|| SQL_SUCCESS != SQL->StmtBindParam(stmt, 1, SQLDT_INT, (void*)&char_id, sizeof(char_id))
|| SQL_SUCCESS != SQL->StmtExecute(stmt)
-
- ) {
+ ) {
SqlStmt_ShowDebug(stmt);
}
@@ -3388,12 +3422,14 @@ void char_unban(int char_id, int *result)
/* handled by char server, so no redirection */
if( SQL_ERROR == SQL->Query(inter->sql_handle, "UPDATE `%s` SET `unban_time` = '0' WHERE `char_id` = '%d' LIMIT 1", char_db, char_id) ) {
Sql_ShowDebug(inter->sql_handle);
- *result = 1;
+ if (result)
+ *result = 1;
}
}
void char_ask_name_ack(int fd, int acc, const char* name, int type, int result)
{
+ nullpo_retv(name);
WFIFOHEAD(fd,34);
WFIFOW(fd, 0) = 0x2b0f;
WFIFOL(fd, 2) = acc;
@@ -3499,6 +3535,10 @@ void char_parse_frommap_fame_list(int fd)
default: size = 0; list = NULL; break;
}
+ if (!list) {
+ RFIFOSKIP(fd, 11);
+ return;
+ }
ARR_FIND(0, size, player_pos, list[player_pos].id == cid);// position of the player
ARR_FIND(0, size, fame_pos, list[fame_pos].fame <= fame);// where the player should be
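Review bot: The new `if (!list)` branch discards a fame-list update with an unrecognised type without logging it; since the value comes from a map-server packet, an unknown type means a version mismatch or a malformed packet and should be visible. A `ShowWarning("char_parse_frommap_fame_list: unknown fame list type, packet ignored\n");` before the `RFIFOSKIP(fd, 11)` is enough. The `switch` that sets `list`, and the packet read, are outside the hunk, so the exact length to skip could not be checked here.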
@@ -3624,6 +3664,7 @@ void char_parse_frommap_ping(int fd)
void char_map_auth_ok(int fd, int account_id, struct char_auth_node* node, struct mmo_charstatus* cd)
{
+ nullpo_retv(cd);
WFIFOHEAD(fd,25 + sizeof(struct mmo_charstatus));
WFIFOW(fd,0) = 0x2afd;
WFIFOW(fd,2) = 25 + sizeof(struct mmo_charstatus);
@@ -4391,6 +4432,7 @@ void char_parse_char_connect(int fd, struct char_session_data* sd, uint32 ipl)
void char_send_map_info(int fd, int i, uint32 subnet_map_ip, struct mmo_charstatus *cd)
{
+ nullpo_retv(cd);
WFIFOHEAD(fd,28);
WFIFOW(fd,0) = 0x71;
WFIFOL(fd,2) = cd->char_id;
@@ -4413,6 +4455,7 @@ int char_search_default_maps_mapserver(struct mmo_charstatus *cd)
{
int i;
int j;
+ nullpo_retr(-1, cd);
if ((i = chr->search_mapserver((j=mapindex->name2id(MAP_PRONTERA)),-1,-1)) >= 0) {
cd->last_point.x = 273;
cd->last_point.y = 354;
@@ -4505,6 +4548,7 @@ void char_parse_char_select(int fd, struct char_session_data* sd, uint32 ipl)
//Have to switch over to the DB instance otherwise data won't propagate [Kevin]
cd = (struct mmo_charstatus *)idb_get(chr->char_db_, char_id);
+ nullpo_retv(cd);
if( cd->sex == 99 )
cd->sex = sd->sex;
@@ -4658,7 +4702,7 @@ void char_parse_char_delete_char(int fd, struct char_session_data* sd, unsigned
int i;
#if PACKETVER >= 20110309
- if( pincode->enabled ){ // hack check
+ if (pincode->enabled) { // hack check
struct online_char_data* character;
character = (struct online_char_data*)idb_get(chr->online_char_db, sd->account_id);
if( character && character->pincode_enable == -1 ){
@@ -4874,33 +4918,33 @@ void char_parse_char_login_map_server(int fd)
void char_parse_char_pincode_check(int fd, struct char_session_data* sd)
{
- if( RFIFOL(fd,2) == sd->account_id )
- pincode->check( fd, sd );
+ if (RFIFOL(fd,2) == sd->account_id)
+ pincode->check(fd, sd);
- RFIFOSKIP(fd,10);
+ RFIFOSKIP(fd, 10);
}
void char_parse_char_pincode_window(int fd, struct char_session_data* sd)
{
- if( RFIFOL(fd,2) == sd->account_id )
- pincode->sendstate( fd, sd, PINCODE_NOTSET );
+ if (RFIFOL(fd,2) == sd->account_id)
+ pincode->sendstate(fd, sd, PINCODE_NOTSET);
- RFIFOSKIP(fd,6);
+ RFIFOSKIP(fd, 6);
}
void char_parse_char_pincode_change(int fd, struct char_session_data* sd)
{
- if( RFIFOL(fd,2) == sd->account_id )
- pincode->change( fd, sd );
+ if (RFIFOL(fd,2) == sd->account_id)
+ pincode->change(fd, sd);
- RFIFOSKIP(fd,14);
+ RFIFOSKIP(fd, 14);
}
void char_parse_char_pincode_first_pin(int fd, struct char_session_data* sd)
{
- if( RFIFOL(fd,2) == sd->account_id )
- pincode->setnew( fd, sd );
- RFIFOSKIP(fd,10);
+ if (RFIFOL(fd,2) == sd->account_id)
+ pincode->setnew (fd, sd);
+ RFIFOSKIP(fd, 10);
}
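Review bot: `pincode->setnew (fd, sd);` keeps a space before the argument list while the three sibling handlers in this same hunk were just normalised to the `pincode->check(fd, sd)` form. Since the whole hunk is a style pass, that line should read `pincode->setnew(fd, sd);`.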
void char_parse_char_request_chars(int fd, struct char_session_data* sd)
@@ -5155,6 +5199,7 @@ int mapif_sendall(unsigned char *buf, unsigned int len)
{
int i, c;
+ nullpo_ret(buf);
c = 0;
for(i = 0; i < ARRAYLENGTH(chr->server); i++) {
int fd;
@@ -5173,6 +5218,7 @@ int mapif_sendallwos(int sfd, unsigned char *buf, unsigned int len)
{
int i, c;
+ nullpo_ret(buf);
c = 0;
for(i = 0; i < ARRAYLENGTH(chr->server); i++) {
int fd;
@@ -5189,6 +5235,7 @@ int mapif_sendallwos(int sfd, unsigned char *buf, unsigned int len)
int mapif_send(int fd, unsigned char *buf, unsigned int len)
{
+ nullpo_ret(buf);
if (fd >= 0) {
int i;
ARR_FIND( 0, ARRAYLENGTH(chr->server), i, fd == chr->server[i].fd );
@@ -5241,6 +5288,7 @@ static int char_send_accounts_tologin_sub(DBKey key, DBData *data, va_list ap)
struct online_char_data* character = DB->data2ptr(data);
int* i = va_arg(ap, int*);
+ nullpo_ret(character);
if(character->server > -1)
{
WFIFOL(chr->login_fd,8+(*i)*4) = character->account_id;
@@ -5307,6 +5355,7 @@ static int char_waiting_disconnect(int tid, int64 tick, int id, intptr_t data) {
static int char_online_data_cleanup_sub(DBKey key, DBData *data, va_list ap)
{
struct online_char_data *character= DB->data2ptr(data);
+ nullpo_ret(character);
if (character->fd != -1)
return 0; //Character still connected
if (character->server == -2) //Unknown server.. set them offline
@@ -5955,6 +6004,7 @@ void char_defaults(void)
memset(chr->userid, 0, sizeof(chr->userid));
memset(chr->passwd, 0, sizeof(chr->passwd));
+ memset(chr->server_name, 0, sizeof(chr->server_name));
chr->ip = 0;
chr->port = 6121;
diff --git a/src/char/int_auction.c b/src/char/int_auction.c
index 57eae641d..2c54db16b 100644
--- a/src/char/int_auction.c
+++ b/src/char/int_auction.c
@@ -17,6 +17,7 @@
#include "../common/db.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -33,7 +34,7 @@ static int inter_auction_count(int char_id, bool buy)
for( auction = dbi_first(iter); dbi_exists(iter); auction = dbi_next(iter) )
{
- if( (buy && auction->buyer_id == char_id) || (!buy && auction->seller_id == char_id) )
+ if ((buy && auction->buyer_id == char_id) || (!buy && auction->seller_id == char_id))
i++;
}
dbi_destroy(iter);
@@ -160,6 +161,7 @@ static int inter_auction_end_timer(int tid, int64 tick, int id, intptr_t data) {
void inter_auction_delete(struct auction_data *auction)
{
+ nullpo_retv(auction);
unsigned int auction_id = auction->auction_id;
if( SQL_ERROR == SQL->Query(inter->sql_handle, "DELETE FROM `%s` WHERE `auction_id` = '%d'", auction_db, auction_id) )
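Review bot: `nullpo_retv(auction);` expands to a statement and now precedes the declaration `unsigned int auction_id = auction->auction_id;`, which mixes statements and declarations; if the tree is built with `-Wdeclaration-after-statement` or a C89-only compiler this is a warning or an error. The pattern elsewhere in this commit keeps declarations first, so `unsigned int auction_id;` then `nullpo_retv(auction);` then `auction_id = auction->auction_id;`. The same ordering appears in int_guild.c's mapif_guild_withdraw, where two `nullpo_ret` calls precede `unsigned char buf[55+NAME_LENGTH];`.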
@@ -240,6 +242,8 @@ void mapif_auction_sendlist(int fd, int char_id, short count, short pages, unsig
{
int len = (sizeof(struct auction_data) * count) + 12;
+ nullpo_retv(buf);
+
WFIFOHEAD(fd, len);
WFIFOW(fd,0) = 0x3850;
WFIFOW(fd,2) = len;
@@ -297,6 +301,8 @@ void mapif_auction_register(int fd, struct auction_data *auction)
{
int len = sizeof(struct auction_data) + 4;
+ nullpo_retv(auction);
+
WFIFOHEAD(fd,len);
WFIFOW(fd,0) = 0x3851;
WFIFOW(fd,2) = len;
diff --git a/src/char/int_elemental.c b/src/char/int_elemental.c
index d14d1e1e0..3a5022fe4 100644
--- a/src/char/int_elemental.c
+++ b/src/char/int_elemental.c
@@ -15,6 +15,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -26,6 +27,7 @@ struct inter_elemental_interface inter_elemental_s;
bool mapif_elemental_save(struct s_elemental* ele) {
bool flag = true;
+ nullpo_retr(false, ele);
if( ele->elemental_id == 0 ) { // Create new DB entry
if( SQL_ERROR == SQL->Query(inter->sql_handle,
"INSERT INTO `%s` (`char_id`,`class`,`mode`,`hp`,`sp`,`max_hp`,`max_sp`,`atk1`,`atk2`,`matk`,`aspd`,`def`,`mdef`,`flee`,`hit`,`life_time`)"
@@ -53,6 +55,7 @@ bool mapif_elemental_save(struct s_elemental* ele) {
bool mapif_elemental_load(int ele_id, int char_id, struct s_elemental *ele) {
char* data;
+ nullpo_retr(false, ele);
memset(ele, 0, sizeof(struct s_elemental));
ele->elemental_id = ele_id;
ele->char_id = char_id;
@@ -105,6 +108,7 @@ bool mapif_elemental_delete(int ele_id) {
void mapif_elemental_send(int fd, struct s_elemental *ele, unsigned char flag) {
int size = sizeof(struct s_elemental) + 5;
+ nullpo_retv(ele);
WFIFOHEAD(fd,size);
WFIFOW(fd,0) = 0x387c;
WFIFOW(fd,2) = size;
diff --git a/src/char/int_guild.c b/src/char/int_guild.c
index 20db452af..13aaeb0b4 100644
--- a/src/char/int_guild.c
+++ b/src/char/int_guild.c
@@ -18,6 +18,7 @@
#include "../common/db.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/strlib.h"
@@ -50,6 +51,8 @@ int inter_guild_save_timer(int tid, int64 tick, int id, intptr_t data) {
for( g = DB->data2ptr(iter->first(iter, &key)); dbi_exists(iter); g = DB->data2ptr(iter->next(iter, &key)) )
{
+ if (!g)
+ continue;
if( state == 0 && g->guild_id == last_id )
state++; //Save next guild in the list.
else
@@ -114,6 +117,7 @@ int inter_guild_tosql(struct guild *g,int flag)
char new_guild = 0;
int i=0;
+ nullpo_ret(g);
if (g->guild_id<=0 && g->guild_id != -1) return 0;
#ifdef NOISY
@@ -253,7 +257,7 @@ int inter_guild_tosql(struct guild *g,int flag)
//printf("- Insert guild %d to guild_position\n",g->guild_id);
for(i=0;i<MAX_GUILDPOSITION;i++){
struct guild_position *p = &g->position[i];
- if (!p->modified)
+ if (!p || !p->modified)
continue;
SQL->EscapeStringLen(inter->sql_handle, esc_name, p->name, strnlen(p->name, NAME_LENGTH));
if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`guild_id`,`position`,`name`,`mode`,`exp_mode`) VALUES ('%d','%d','%s','%d','%d')",
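Review bot: `!p` in `if (!p || !p->modified)` can never be true because `p` is `&g->position[i]`, the address of an array element, so the test is dead code and compilers may warn about an address that is always non-null. The guard that matters is on `g`, which this commit already adds at the top of inter_guild_tosql, so the line should stay `if (!p->modified)`. The function continues outside the hunk.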
@@ -521,6 +525,7 @@ int inter_guild_castle_tosql(struct guild_castle *gc)
StringBuf buf;
int i;
+ nullpo_ret(gc);
StrBuf->Init(&buf);
StrBuf->Printf(&buf, "REPLACE INTO `%s` SET `castle_id`='%d', `guild_id`='%d', `economy`='%d', `defense`='%d', "
"`triggerE`='%d', `triggerD`='%d', `nextTime`='%d', `payTime`='%d', `createTime`='%d', `visibleC`='%d'",
@@ -593,6 +598,7 @@ struct guild_castle* inter_guild_castle_fromsql(int castle_id)
// Read exp_guild.txt
bool inter_guild_exp_parse_row(char* split[], int column, int current) {
int64 exp = strtoll(split[0], NULL, 10);
+ nullpo_retr(true, split);
if (exp < 0 || exp >= UINT_MAX) {
ShowError("exp_guild: Invalid exp %"PRId64" (valid range: 0 - %u) at line %d\n", exp, UINT_MAX, current);
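Review bot: `nullpo_retr(true, split)` is placed after `int64 exp = strtoll(split[0], NULL, 10);`, so a NULL `split` is dereferenced before it is checked and the guard never fires. Declare `int64 exp;`, put `nullpo_retr(true, split);` next, then `exp = strtoll(split[0], NULL, 10);`. inter_guild_calcinfo has the same ordering: `struct guild before = *g;` copies through `g` one line before its `nullpo_ret(g)`, and mapif_parse_CreateGuild prints `name` under `#ifdef NOISY` before its `nullpo_ret(name)`; in each case the check has to move above the first use.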
@@ -729,6 +735,7 @@ int inter_guild_sql_init(void)
int inter_guild_db_final(DBKey key, DBData *data, va_list ap)
{
struct guild *g = DB->data2ptr(data);
+ nullpo_ret(g);
if (g->save_flag&GS_MASK) {
inter_guild->tosql(g, g->save_flag&GS_MASK);
return 1;
@@ -749,6 +756,7 @@ int inter_guild_search_guildname(char *str)
int guild_id;
char esc_name[NAME_LENGTH*2+1];
+ nullpo_retr(-1, str);
SQL->EscapeStringLen(inter->sql_handle, esc_name, str, safestrnlen(str, NAME_LENGTH));
//Lookup guilds with the same name
if( SQL_ERROR == SQL->Query(inter->sql_handle, "SELECT guild_id FROM `%s` WHERE name='%s'", guild_db, esc_name) )
@@ -776,6 +784,7 @@ int inter_guild_search_guildname(char *str)
static bool inter_guild_check_empty(struct guild *g)
{
int i;
+ nullpo_ret(g);
ARR_FIND( 0, g->max_member, i, g->member[i].account_id > 0 );
if( i < g->max_member)
return false; // not empty
@@ -788,16 +797,17 @@ static bool inter_guild_check_empty(struct guild *g)
unsigned int inter_guild_nextexp(int level) {
if (level == 0)
return 1;
- if (level <= 0 || level >= MAX_GUILDLEVEL)
+ if (level <= 0 || level > MAX_GUILDLEVEL)
return 0;
return inter_guild->exp[level-1];
}
-int inter_guild_checkskill(struct guild *g,int id)
+int inter_guild_checkskill(struct guild *g, int id)
{
int idx = id - GD_SKILLBASE;
+ nullpo_ret(g);
if(idx < 0 || idx >= MAX_GUILDSKILL)
return 0;
@@ -810,6 +820,7 @@ int inter_guild_calcinfo(struct guild *g)
unsigned int nextexp;
struct guild before = *g; // Save guild current values
+ nullpo_ret(g);
if(g->guild_lv<=0)
g->guild_lv = 1;
nextexp = inter_guild->nextexp(g->guild_lv);
@@ -872,6 +883,7 @@ int inter_guild_calcinfo(struct guild *g)
int mapif_guild_created(int fd, int account_id, struct guild *g)
{
+ nullpo_ret(g);
WFIFOHEAD(fd, 10);
WFIFOW(fd,0)=0x3830;
WFIFOL(fd,2)=account_id;
@@ -905,6 +917,7 @@ int mapif_guild_noinfo(int fd, int guild_id)
int mapif_guild_info(int fd, struct guild *g)
{
unsigned char buf[8+sizeof(struct guild)];
+ nullpo_ret(g);
WBUFW(buf,0)=0x3831;
WBUFW(buf,2)=4+sizeof(struct guild);
memcpy(buf+4,g,sizeof(struct guild));
@@ -931,6 +944,8 @@ int mapif_guild_memberadded(int fd, int guild_id, int account_id, int char_id, i
// ACK member leave
int mapif_guild_withdraw(int guild_id,int account_id,int char_id,int flag, const char *name, const char *mes)
{
+ nullpo_ret(name);
+ nullpo_ret(mes);
unsigned char buf[55+NAME_LENGTH];
WBUFW(buf, 0)=0x3834;
WBUFL(buf, 2)=guild_id;
@@ -948,6 +963,8 @@ int mapif_guild_withdraw(int guild_id,int account_id,int char_id,int flag, const
int mapif_guild_memberinfoshort(struct guild *g, int idx)
{
unsigned char buf[19];
+ nullpo_ret(g);
+ Assert_ret(idx >= 0 && idx < MAX_GUILD);
WBUFW(buf, 0)=0x3835;
WBUFL(buf, 2)=g->guild_id;
WBUFL(buf, 6)=g->member[idx].account_id;
@@ -975,6 +992,7 @@ int mapif_guild_broken(int guild_id, int flag)
int mapif_guild_message(int guild_id, int account_id, char *mes, int len, int sfd)
{
unsigned char buf[512];
+ nullpo_ret(mes);
if (len > 500)
len = 500;
WBUFW(buf,0)=0x3837;
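Review bot: `if (len > 500) len = 500;` bounds only the upper end of `len`, which arrives from a map-server packet; a negative value passes the clamp and, if the copy further down uses `len` as a size, converts to a huge `size_t`. The new `nullpo_ret(mes)` guards the pointer but not the length, so `Assert_ret(len >= 0);` (already used in this file for index checks) belongs next to the clamp. The same one-sided clamps appear in mapif_guild_basicinfochanged (`len > 2038`) and mapif_guild_memberinfochanged (`len > 2030`). The bodies continue outside the hunks.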
@@ -990,6 +1008,7 @@ int mapif_guild_message(int guild_id, int account_id, char *mes, int len, int sf
int mapif_guild_basicinfochanged(int guild_id, int type, const void *data, int len)
{
unsigned char buf[2048];
+ nullpo_ret(data);
if (len > 2038)
len = 2038;
WBUFW(buf, 0)=0x3839;
@@ -1005,6 +1024,7 @@ int mapif_guild_basicinfochanged(int guild_id, int type, const void *data, int l
int mapif_guild_memberinfochanged(int guild_id, int account_id, int char_id, int type, const void *data, int len)
{
unsigned char buf[2048];
+ nullpo_ret(data);
if (len > 2030)
len = 2030;
WBUFW(buf, 0)=0x383a;
@@ -1034,6 +1054,8 @@ int mapif_guild_skillupack(int guild_id, uint16 skill_id, int account_id)
int mapif_guild_alliance(int guild_id1, int guild_id2, int account_id1, int account_id2, int flag, const char *name1, const char *name2)
{
unsigned char buf[19+2*NAME_LENGTH];
+ nullpo_ret(name1);
+ nullpo_ret(name2);
WBUFW(buf, 0)=0x383d;
WBUFL(buf, 2)=guild_id1;
WBUFL(buf, 6)=guild_id2;
@@ -1050,6 +1072,8 @@ int mapif_guild_alliance(int guild_id1, int guild_id2, int account_id1, int acco
int mapif_guild_position(struct guild *g, int idx)
{
unsigned char buf[12 + sizeof(struct guild_position)];
+ nullpo_ret(g);
+ Assert_ret(idx >= 0 && idx < MAX_GUILDPOSITION);
WBUFW(buf,0)=0x383b;
WBUFW(buf,2)=sizeof(struct guild_position)+12;
WBUFL(buf,4)=g->guild_id;
@@ -1063,6 +1087,7 @@ int mapif_guild_position(struct guild *g, int idx)
int mapif_guild_notice(struct guild *g)
{
unsigned char buf[256];
+ nullpo_ret(g);
WBUFW(buf,0)=0x383e;
WBUFL(buf,2)=g->guild_id;
memcpy(WBUFP(buf,6),g->mes1,MAX_GUILDMES1);
@@ -1075,6 +1100,7 @@ int mapif_guild_notice(struct guild *g)
int mapif_guild_emblem(struct guild *g)
{
unsigned char buf[12 + sizeof(g->emblem_data)];
+ nullpo_ret(g);
WBUFW(buf,0)=0x383f;
WBUFW(buf,2)=g->emblem_len+12;
WBUFL(buf,4)=g->guild_id;
@@ -1087,6 +1113,7 @@ int mapif_guild_emblem(struct guild *g)
int mapif_guild_master_changed(struct guild *g, int aid, int cid)
{
unsigned char buf[14];
+ nullpo_ret(g);
WBUFW(buf,0)=0x3843;
WBUFL(buf,2)=g->guild_id;
WBUFL(buf,6)=aid;
@@ -1102,6 +1129,7 @@ int mapif_guild_castle_dataload(int fd, int sz, int *castle_ids)
int len = 4 + num * sizeof(*gc);
int i;
+ nullpo_ret(castle_ids);
WFIFOHEAD(fd, len);
WFIFOW(fd, 0) = 0x3840;
WFIFOW(fd, 2) = len;
@@ -1125,6 +1153,8 @@ int mapif_parse_CreateGuild(int fd,int account_id,char *name,struct guild_member
#ifdef NOISY
ShowInfo("Creating Guild (%s)\n", name);
#endif
+ nullpo_ret(name);
+ nullpo_ret(master);
if(inter_guild->search_guildname(name) != 0){
ShowInfo("int_guild: guild with same name exists [%s]\n",name);
mapif->guild_created(fd,account_id,NULL);
@@ -1217,6 +1247,7 @@ int mapif_parse_GuildAddMember(int fd, int guild_id, struct guild_member *m)
struct guild * g;
int i;
+ nullpo_ret(m);
g = inter_guild->fromsql(guild_id);
if(g==NULL){
// Failed to add
@@ -1262,6 +1293,7 @@ int mapif_parse_GuildLeave(int fd, int guild_id, int account_id, int char_id, in
return 0;
}
+ nullpo_ret(mes);
// Find the member
ARR_FIND( 0, g->max_member, i, g->member[i].account_id == account_id && g->member[i].char_id == char_id );
if( i == g->max_member )
@@ -1426,6 +1458,7 @@ int mapif_parse_GuildBasicInfoChange(int fd, int guild_id, int type, const void
if( g == NULL )
return 0;
+ nullpo_ret(data);
switch(type) {
case GBI_EXP:
value = *((const int16 *)data);
@@ -1478,6 +1511,7 @@ int mapif_parse_GuildMemberInfoChange(int fd, int guild_id, int account_id, int
int i;
struct guild * g;
+ nullpo_ret(data);
g = inter_guild->fromsql(guild_id);
if(g==NULL)
return 0;
@@ -1588,6 +1622,7 @@ int inter_guild_charname_changed(int guild_id, int account_id, int char_id, char
struct guild *g;
int i, flag = 0;
+ nullpo_ret(name);
g = inter_guild->fromsql(guild_id);
if( g == NULL )
{
@@ -1625,6 +1660,7 @@ int mapif_parse_GuildPosition(int fd, int guild_id, int idx, struct guild_positi
// Could make some improvement in speed, because only change guild_position
struct guild * g;
+ nullpo_ret(p);
g = inter_guild->fromsql(guild_id);
if(g==NULL || idx<0 || idx>=MAX_GUILDPOSITION)
return 0;
@@ -1664,6 +1700,7 @@ int mapif_parse_GuildDeleteAlliance(struct guild *g, int guild_id, int account_i
int i;
char name[NAME_LENGTH];
+ nullpo_retr(-1, g);
ARR_FIND( 0, MAX_GUILDALLIANCE, i, g->alliance[i].guild_id == guild_id );
if( i == MAX_GUILDALLIANCE )
return -1;
@@ -1726,6 +1763,8 @@ int mapif_parse_GuildNotice(int fd, int guild_id, const char *mes1, const char *
{
struct guild *g;
+ nullpo_ret(mes1);
+ nullpo_ret(mes2);
g = inter_guild->fromsql(guild_id);
if(g==NULL)
return 0;
@@ -1740,6 +1779,7 @@ int mapif_parse_GuildEmblem(int fd, int len, int guild_id, int dummy, const char
{
struct guild * g;
+ nullpo_ret(data);
g = inter_guild->fromsql(guild_id);
if(g==NULL)
return 0;
@@ -1804,6 +1844,7 @@ int mapif_parse_GuildMasterChange(int fd, int guild_id, const char* name, int le
struct guild_member gm;
int pos;
+ nullpo_ret(name);
g = inter_guild->fromsql(guild_id);
if(g==NULL || len > NAME_LENGTH)
@@ -1888,6 +1929,7 @@ void inter_guild_defaults(void)
inter_guild->guild_db = NULL;
inter_guild->castle_db = NULL;
+ memset(inter_guild->exp, 0, sizeof(inter_guild->exp));
inter_guild->save_timer = inter_guild_save_timer;
inter_guild->removemember_tosql = inter_guild_removemember_tosql;
diff --git a/src/char/int_homun.c b/src/char/int_homun.c
index dd23261c2..9f91de252 100644
--- a/src/char/int_homun.c
+++ b/src/char/int_homun.c
@@ -15,6 +15,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -34,6 +35,7 @@ void inter_homunculus_sql_final(void)
void mapif_homunculus_created(int fd, int account_id, struct s_homunculus *sh, unsigned char flag)
{
+ nullpo_retv(sh);
WFIFOHEAD(fd, sizeof(struct s_homunculus)+9);
WFIFOW(fd,0) = 0x3890;
WFIFOW(fd,2) = sizeof(struct s_homunculus)+9;
@@ -53,6 +55,7 @@ void mapif_homunculus_deleted(int fd, int flag)
void mapif_homunculus_loaded(int fd, int account_id, struct s_homunculus *hd)
{
+ nullpo_retv(hd);
WFIFOHEAD(fd, sizeof(struct s_homunculus)+9);
WFIFOW(fd,0) = 0x3891;
WFIFOW(fd,2) = sizeof(struct s_homunculus)+9;
@@ -81,6 +84,7 @@ void mapif_homunculus_saved(int fd, int account_id, bool flag)
void mapif_homunculus_renamed(int fd, int account_id, int char_id, unsigned char flag, char* name)
{
+ nullpo_retv(name);
WFIFOHEAD(fd, NAME_LENGTH+12);
WFIFOW(fd, 0) = 0x3894;
WFIFOL(fd, 2) = account_id;
@@ -95,6 +99,7 @@ bool mapif_homunculus_save(struct s_homunculus* hd)
bool flag = true;
char esc_name[NAME_LENGTH*2+1];
+ nullpo_ret(hd);
SQL->EscapeStringLen(inter->sql_handle, esc_name, hd->name, strnlen(hd->name, NAME_LENGTH));
if( hd->hom_id == 0 )
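Review bot: `nullpo_ret(hd)` in a function declared `bool` returns a bare `0`, whereas int_elemental.c in this same commit writes the equivalent guard as `nullpo_retr(false, ele)`; both mean the same thing, but the explicit form documents the intended result. For consistency across the series, `nullpo_retr(false, hd);` here, in mapif_homunculus_load, and in int_mail.c's inter_mail_loadmessage.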
@@ -158,6 +163,7 @@ bool mapif_homunculus_load(int homun_id, struct s_homunculus* hd)
char* data;
size_t len;
+ nullpo_ret(hd);
memset(hd, 0, sizeof(*hd));
if( SQL_ERROR == SQL->Query(inter->sql_handle, "SELECT `homun_id`,`char_id`,`class`,`prev_class`,`name`,`level`,`exp`,`intimacy`,`hunger`, `str`, `agi`, `vit`, `int`, `dex`, `luk`, `hp`,`max_hp`,`sp`,`max_sp`,`skill_point`,`rename_flag`, `vaporize` FROM `%s` WHERE `homun_id`='%u'", homunculus_db, homun_id) )
@@ -247,6 +253,7 @@ bool mapif_homunculus_rename(char *name)
{
int i;
+ nullpo_ret(name);
// Check Authorized letters/symbols in the name of the homun
if( char_name_option == 1 )
{// only letters/symbols in char_name_letters are authorized
diff --git a/src/char/int_mail.c b/src/char/int_mail.c
index 17fb9d424..cd2fa0deb 100644
--- a/src/char/int_mail.c
+++ b/src/char/int_mail.c
@@ -15,6 +15,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -30,6 +31,7 @@ static int inter_mail_fromsql(int char_id, struct mail_data* md)
char *data;
StringBuf buf;
+ nullpo_ret(md);
memset(md, 0, sizeof(struct mail_data));
md->amount = 0;
md->full = false;
@@ -114,6 +116,7 @@ int inter_mail_savemessage(struct mail_message* msg)
SqlStmt* stmt;
int j;
+ nullpo_ret(msg);
// build message save query
StrBuf->Init(&buf);
StrBuf->Printf(&buf, "INSERT INTO `%s` (`send_name`, `send_id`, `dest_name`, `dest_id`, `title`, `message`, `time`, `status`, `zeny`, `amount`, `nameid`, `refine`, `attribute`, `identify`, `unique_id`", mail_db);
@@ -151,6 +154,7 @@ static bool inter_mail_loadmessage(int mail_id, struct mail_message* msg)
{
int j;
StringBuf buf;
+ nullpo_ret(msg);
memset(msg, 0, sizeof(struct mail_message)); // Initialize data
StrBuf->Init(&buf);
@@ -203,6 +207,7 @@ static bool inter_mail_loadmessage(int mail_id, struct mail_message* msg)
void mapif_mail_sendinbox(int fd, int char_id, unsigned char flag, struct mail_data *md)
{
+ nullpo_retv(md);
//FIXME: dumping the whole structure like this is unsafe [ultramage]
WFIFOHEAD(fd, sizeof(struct mail_data) + 9);
WFIFOW(fd,0) = 0x3848;
@@ -263,6 +268,7 @@ static bool inter_mail_DeleteAttach(int mail_id)
void mapif_mail_sendattach(int fd, int char_id, struct mail_message *msg)
{
+ nullpo_retv(msg);
WFIFOHEAD(fd, sizeof(struct item) + 12);
WFIFOW(fd,0) = 0x384a;
WFIFOW(fd,2) = sizeof(struct item) + 12;
@@ -402,6 +408,7 @@ void mapif_mail_send(int fd, struct mail_message* msg)
{
int len = sizeof(struct mail_message) + 4;
+ nullpo_retv(msg);
WFIFOHEAD(fd,len);
WFIFOW(fd,0) = 0x384d;
WFIFOW(fd,2) = len;
@@ -449,6 +456,11 @@ void mapif_parse_mail_send(int fd)
void inter_mail_sendmail(int send_id, const char* send_name, int dest_id, const char* dest_name, const char* title, const char* body, int zeny, struct item *item)
{
struct mail_message msg;
+ nullpo_retv(send_name);
+ nullpo_retv(dest_name);
+ nullpo_retv(title);
+ nullpo_retv(body);
+ nullpo_retv(item);
memset(&msg, 0, sizeof(struct mail_message));
msg.send_id = send_id;
diff --git a/src/char/int_mercenary.c b/src/char/int_mercenary.c
index 2bd94b97e..3321627c0 100644
--- a/src/char/int_mercenary.c
+++ b/src/char/int_mercenary.c
@@ -15,6 +15,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -27,6 +28,7 @@ bool inter_mercenary_owner_fromsql(int char_id, struct mmo_charstatus *status)
{
char* data;
+ nullpo_ret(status);
if( SQL_ERROR == SQL->Query(inter->sql_handle, "SELECT `merc_id`, `arch_calls`, `arch_faith`, `spear_calls`, `spear_faith`, `sword_calls`, `sword_faith` FROM `%s` WHERE `char_id` = '%d'", mercenary_owner_db, char_id) )
{
Sql_ShowDebug(inter->sql_handle);
@@ -53,6 +55,7 @@ bool inter_mercenary_owner_fromsql(int char_id, struct mmo_charstatus *status)
bool inter_mercenary_owner_tosql(int char_id, struct mmo_charstatus *status)
{
+ nullpo_ret(status);
if( SQL_ERROR == SQL->Query(inter->sql_handle, "REPLACE INTO `%s` (`char_id`, `merc_id`, `arch_calls`, `arch_faith`, `spear_calls`, `spear_faith`, `sword_calls`, `sword_faith`) VALUES ('%d', '%d', '%d', '%d', '%d', '%d', '%d', '%d')",
mercenary_owner_db, char_id, status->mer_id, status->arch_calls, status->arch_faith, status->spear_calls, status->spear_faith, status->sword_calls, status->sword_faith) )
{
@@ -78,6 +81,7 @@ bool mapif_mercenary_save(struct s_mercenary* merc)
{
bool flag = true;
+ nullpo_ret(merc);
if( merc->mercenary_id == 0 )
{ // Create new DB entry
if( SQL_ERROR == SQL->Query(inter->sql_handle,
@@ -105,6 +109,7 @@ bool mapif_mercenary_load(int merc_id, int char_id, struct s_mercenary *merc)
{
char* data;
+ nullpo_ret(merc);
memset(merc, 0, sizeof(struct s_mercenary));
merc->mercenary_id = merc_id;
merc->char_id = char_id;
@@ -148,6 +153,7 @@ void mapif_mercenary_send(int fd, struct s_mercenary *merc, unsigned char flag)
{
int size = sizeof(struct s_mercenary) + 5;
+ nullpo_retv(merc);
WFIFOHEAD(fd,size);
WFIFOW(fd,0) = 0x3870;
WFIFOW(fd,2) = size;
diff --git a/src/char/int_party.c b/src/char/int_party.c
index bf950ec42..79bd1139c 100644
--- a/src/char/int_party.c
+++ b/src/char/int_party.c
@@ -18,6 +18,7 @@
#include "../common/malloc.h"
#include "../common/mapindex.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -29,6 +30,7 @@ struct inter_party_interface inter_party_s;
static int inter_party_check_lv(struct party_data *p) {
int i;
unsigned int lv;
+ nullpo_ret(p);
p->min_lv = UINT_MAX;
p->max_lv = 0;
for(i=0;i<MAX_PARTY;i++){
@@ -54,6 +56,7 @@ static int inter_party_check_lv(struct party_data *p) {
static void inter_party_calc_state(struct party_data *p)
{
int i;
+ nullpo_retv(p);
p->min_lv = UINT_MAX;
p->max_lv = 0;
p->party.count =
@@ -109,6 +112,7 @@ int inter_party_tosql(struct party *p, int flag, int index)
if( p == NULL || p->party_id == 0 )
return 0;
+ Assert_ret(index >= 0 && index < MAX_PARTY);
party_id = p->party_id;
#ifdef NOISY
@@ -295,6 +299,7 @@ struct party_data* inter_party_search_partyname(const char *const str)
// Returns whether this party can keep having exp share or not.
int inter_party_check_exp_share(struct party_data *const p)
{
+ nullpo_ret(p);
return (p->party.count < 2 || p->max_lv - p->min_lv <= party_share_level);
}
@@ -318,6 +323,7 @@ int inter_party_check_empty(struct party_data *p)
// Create a party whether or not
int mapif_party_created(int fd, int account_id, int char_id, struct party *p)
{
+ nullpo_ret(p);
WFIFOHEAD(fd, 39);
WFIFOW(fd,0)=0x3820;
WFIFOL(fd,2)=account_id;
@@ -353,6 +359,7 @@ void mapif_party_noinfo(int fd, int party_id, int char_id)
void mapif_party_info(int fd, struct party* p, int char_id)
{
unsigned char buf[8 + sizeof(struct party)];
+ nullpo_retv(p);
WBUFW(buf,0) = 0x3821;
WBUFW(buf,2) = 8 + sizeof(struct party);
WBUFL(buf,4) = char_id;
@@ -381,6 +388,7 @@ int mapif_party_memberadded(int fd, int party_id, int account_id, int char_id, i
int mapif_party_optionchanged(int fd, struct party *p, int account_id, int flag)
{
unsigned char buf[16];
+ nullpo_ret(p);
WBUFW(buf,0)=0x3823;
WBUFL(buf,2)=p->party_id;
WBUFL(buf,6)=account_id;
@@ -411,6 +419,8 @@ int mapif_party_membermoved(struct party *p, int idx)
{
unsigned char buf[20];
+ nullpo_ret(p);
+ Assert_ret(idx >= 0 && idx < MAX_PARTY);
WBUFW(buf,0) = 0x3825;
WBUFL(buf,2) = p->party_id;
WBUFL(buf,6) = p->member[idx].account_id;
@@ -438,6 +448,7 @@ int mapif_party_broken(int party_id, int flag)
int mapif_party_message(int party_id, int account_id, char *mes, int len, int sfd)
{
unsigned char buf[512];
+ nullpo_ret(mes);
WBUFW(buf,0)=0x3827;
WBUFW(buf,2)=len+12;
WBUFL(buf,4)=party_id;
@@ -456,6 +467,8 @@ int mapif_parse_CreateParty(int fd, char *name, int item, int item2, struct part
{
struct party_data *p;
int i;
+ nullpo_ret(name);
+ nullpo_ret(leader);
if( (p=inter_party->search_partyname(name))!=NULL){
mapif->party_created(fd,leader->account_id,leader->char_id,NULL);
return 0;
@@ -523,6 +536,7 @@ int mapif_parse_PartyAddMember(int fd, int party_id, struct party_member *member
struct party_data *p;
int i;
+ nullpo_ret(member);
p = inter_party->fromsql(party_id);
if( p == NULL || p->size == MAX_PARTY ) {
mapif->party_memberadded(fd, party_id, member->account_id, member->char_id, 1);
diff --git a/src/char/int_pet.c b/src/char/int_pet.c
index b37037844..b01777771 100644
--- a/src/char/int_pet.c
+++ b/src/char/int_pet.c
@@ -15,6 +15,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -29,6 +30,7 @@ int inter_pet_tosql(int pet_id, struct s_pet* p)
//`pet` (`pet_id`, `class`,`name`,`account_id`,`char_id`,`level`,`egg_id`,`equip`,`intimate`,`hungry`,`rename_flag`,`incubate`)
char esc_name[NAME_LENGTH*2+1];// escaped pet name
+ nullpo_ret(p);
SQL->EscapeStringLen(inter->sql_handle, esc_name, p->name, strnlen(p->name, NAME_LENGTH));
p->hungry = cap_value(p->hungry, 0, 100);
p->intimate = cap_value(p->intimate, 0, 1000);
@@ -70,6 +72,7 @@ int inter_pet_fromsql(int pet_id, struct s_pet* p)
#ifdef NOISY
ShowInfo("Loading pet (%d)...\n",pet_id);
#endif
+ nullpo_ret(p);
memset(p, 0, sizeof(struct s_pet));
//`pet` (`pet_id`, `class`,`name`,`account_id`,`char_id`,`level`,`egg_id`,`equip`,`intimate`,`hungry`,`rename_flag`,`incubate`)
@@ -145,6 +148,7 @@ int mapif_pet_created(int fd, int account_id, struct s_pet *p)
int mapif_pet_info(int fd, int account_id, struct s_pet *p)
{
+ nullpo_ret(p);
WFIFOHEAD(fd, sizeof(struct s_pet) + 9);
WFIFOW(fd, 0) =0x3881;
WFIFOW(fd, 2) =sizeof(struct s_pet) + 9;
@@ -193,6 +197,7 @@ int mapif_delete_pet_ack(int fd, int flag)
int mapif_create_pet(int fd, int account_id, int char_id, short pet_class, short pet_lv, short pet_egg_id,
short pet_equip, short intimate, short hungry, char rename_flag, char incubate, char *pet_name)
{
+ nullpo_ret(pet_name);
memset(inter_pet->pt, 0, sizeof(struct s_pet));
safestrncpy(inter_pet->pt->name, pet_name, NAME_LENGTH);
if(incubate == 1)
@@ -254,6 +259,7 @@ int mapif_save_pet(int fd, int account_id, struct s_pet *data)
{
//here process pet save request.
int len;
+ nullpo_ret(data);
RFIFOHEAD(fd);
len=RFIFOW(fd, 2);
if (sizeof(struct s_pet) != len-8) {
diff --git a/src/char/int_quest.c b/src/char/int_quest.c
index dd3d4e1bf..1d64f48a3 100644
--- a/src/char/int_quest.c
+++ b/src/char/int_quest.c
@@ -16,6 +16,7 @@
#include "../common/db.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -66,8 +67,9 @@ struct quest *mapif_quests_fromsql(int char_id, int *count)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &tmp_quest.quest_id, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 1, SQLDT_INT, &tmp_quest.state, 0, NULL, NULL)
|| SQL_ERROR == SQL->StmtBindColumn(stmt, 2, SQLDT_UINT, &tmp_quest.time, 0, NULL, NULL)
- )
+ ) {
sqlerror = SQL_ERROR;
+ }
StrBuf->Destroy(&buf);
@@ -244,6 +246,7 @@ int mapif_parse_quest_save(int fd)
void mapif_send_quests(int fd, int char_id, struct quest *tmp_questlog, int num_quests)
{
+ nullpo_retv(tmp_questlog);
WFIFOHEAD(fd,num_quests*sizeof(struct quest)+8);
WFIFOW(fd,0) = 0x3860;
WFIFOW(fd,2) = num_quests*sizeof(struct quest)+8;
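Review bot: The new `nullpo_retv(tmp_questlog)` does not cover `num_quests`, which feeds the `WFIFOHEAD` size on the next line; a negative count is promoted to `size_t` before the multiplication, so `Assert_retv(num_quests >= 0);` belongs beside the pointer guard. If callers can legitimately pass a NULL list together with `num_quests == 0` for an empty quest log (the return value of mapif_quests_fromsql is not visible here), the unconditional NULL check now silently drops the 0x3860 reply; `if (num_quests > 0) nullpo_retv(tmp_questlog);` keeps that case working. The rest of mapif_send_quests lies outside the hunk.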
diff --git a/src/char/int_storage.c b/src/char/int_storage.c
index db49eb46e..7afafc406 100644
--- a/src/char/int_storage.c
+++ b/src/char/int_storage.c
@@ -16,6 +16,7 @@
#include "mapif.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/sql.h"
@@ -28,6 +29,7 @@ struct inter_storage_interface inter_storage_s;
/// Save storage data to sql
int inter_storage_tosql(int account_id, struct storage_data* p)
{
+ nullpo_ret(p);
chr->memitemdata_to_sql(p->items, MAX_STORAGE, account_id, TABLE_STORAGE);
return 0;
}
@@ -40,6 +42,7 @@ int inter_storage_fromsql(int account_id, struct storage_data* p)
int i;
int j;
+ nullpo_ret(p);
memset(p, 0, sizeof(struct storage_data)); //clean up memory
p->storage_amount = 0;
@@ -82,6 +85,7 @@ int inter_storage_fromsql(int account_id, struct storage_data* p)
/// Save guild_storage data to sql
int inter_storage_guild_storage_tosql(int guild_id, struct guild_storage* p)
{
+ nullpo_ret(p);
chr->memitemdata_to_sql(p->items, MAX_GUILD_STORAGE, guild_id, TABLE_GUILD_STORAGE);
ShowInfo ("guild storage save to DB - guild: %d\n", guild_id);
return 0;
@@ -95,6 +99,7 @@ int inter_storage_guild_storage_fromsql(int guild_id, struct guild_storage* p)
int i;
int j;
+ nullpo_ret(p);
memset(p, 0, sizeof(struct guild_storage)); //clean up memory
p->storage_amount = 0;
p->guild_id = guild_id;
@@ -297,7 +302,8 @@ int mapif_parse_ItemBoundRetrieve_sub(int fd)
for( j = 0; j < MAX_SLOTS; ++j )
SQL->StmtBindColumn(stmt, 10+j, SQLDT_SHORT, &item.card[j], 0, NULL, NULL);
- while( SQL_SUCCESS == SQL->StmtNextRow(stmt) ) {
+ while( SQL_SUCCESS == SQL->StmtNextRow(stmt)) {
+ Assert_retb(i >= MAX_INVENTORY);
memcpy(&items[i],&item,sizeof(struct item));
i++;
}
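Review bot: The new `Assert_retb(i >= MAX_INVENTORY);` is inverted: every other assertion in this commit states the condition that must hold, and the `memcpy(&items[i], ...)` it protects needs `i` to be inside the array, so the line should read `Assert_retb(i < MAX_INVENTORY);`. As written, assuming `i` starts below MAX_INVENTORY (its initialisation is outside the hunk), the first fetched row trips the assertion and the function returns before retrieving any bound item. The enclosing mapif_parse_ItemBoundRetrieve_sub continues outside the hunk.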
diff --git a/src/char/inter.c b/src/char/inter.c
index eb14f1593..ec06df0f9 100644
--- a/src/char/inter.c
+++ b/src/char/inter.c
@@ -27,6 +27,7 @@
#include "../common/db.h"
#include "../common/malloc.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/strlib.h"
@@ -97,6 +98,7 @@ bool inter_msg_config_read(const char *cfg_name, bool allow_override)
FILE *fp;
static int called = 1;
+ nullpo_ret(cfg_name);
if ((fp = fopen(cfg_name, "r")) == NULL) {
ShowError("Messages file not found: %s\n", cfg_name);
return 1;
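Review bot: The new `nullpo_ret(cfg_name)` returns 0 (false) on a NULL name, while the fopen-failure path two lines below returns 1, so the function now reports its two failure modes with opposite values of a `bool`. If callers treat true as success, the fopen branch is the one that is wrong and the guard is fine; if they treat non-zero as failure, the guard should be `nullpo_retr(1, cfg_name);` to match. The calling convention is not visible here, so one of the two should be made consistent and the choice noted in a comment.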
@@ -384,6 +386,7 @@ void inter_vmsg_to_fd(int fd, int u_fd, int aid, char* msg, va_list ap)
va_list apcopy;
int len = 1;/* yes we start at 1 */
+ nullpo_retv(msg);
va_copy(apcopy, ap);
len += vsnprintf(msg_out, 512, msg, apcopy);
va_end(apcopy);
@@ -484,6 +487,12 @@ void mapif_parse_accinfo2(bool success, int map_fd, int u_fd, int u_aid, int acc
const char *email, const char *last_ip, const char *lastlogin, const char *pin_code, const char *birthdate,
int group_id, int logincount, int state)
{
+ nullpo_retv(userid);
+ nullpo_retv(user_pass);
+ nullpo_retv(email);
+ nullpo_retv(last_ip);
+ nullpo_retv(lastlogin);
+ nullpo_retv(birthdate);
if (map_fd <= 0 || !session_isActive(map_fd))
return; // check if we have a valid fd
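Review bot: `pin_code` is the only string parameter of mapif_parse_accinfo2 without a `nullpo_retv` guard, although the list on the line above it checks `userid`, `user_pass`, `email`, `last_ip`, `lastlogin` and `birthdate`. If the omission is deliberate because the login server may send no pin code, a comment such as `/* pin_code may be NULL: account has no PIN set */` next to the guards would stop the next reader from "fixing" it; otherwise `nullpo_retv(pin_code);` belongs with the others. Its use in the body is outside the hunk, so which is correct cannot be determined here.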
@@ -546,6 +555,7 @@ void mapif_parse_accinfo2(bool success, int map_fd, int u_fd, int u_aid, int acc
**/
void inter_savereg(int account_id, int char_id, const char *key, unsigned int index, intptr_t val, bool is_string)
{
+ nullpo_retv(key);
/* to login server we go! */
if( key[0] == '#' && key[1] == '#' ) {/* global account reg */
if( session_isValid(chr->login_fd) )
@@ -769,6 +779,7 @@ static int inter_config_read(const char* cfgName)
char line[1024], w1[1024], w2[1024];
FILE* fp;
+ nullpo_retr(1, cfgName);
fp = fopen(cfgName, "r");
if(fp == NULL) {
ShowError("File not found: %s\n", cfgName);
@@ -916,6 +927,8 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f
{
unsigned char *buf = (unsigned char*)aMalloc((len)*sizeof(unsigned char));
+ nullpo_ret(mes);
+ Assert_ret(len >= 16);
WBUFW(buf,0) = 0x3800;
WBUFW(buf,2) = len;
WBUFL(buf,4) = fontColor;
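Review bot: The two new guards sit after the `aMalloc` on the previous line, so a NULL `mes` or a short `len` returns with `buf` never freed, and a negative `len` still reaches the allocator (converted to a huge `size_t`) before `Assert_ret(len >= 16)` runs. Declare `unsigned char *buf;` first, run `nullpo_ret(mes); Assert_ret(len >= 16);`, and only then assign `buf = (unsigned char*)aMalloc((len)*sizeof(unsigned char));`. The remainder of mapif_broadcast, including where `buf` is released, is outside the hunk.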
@@ -934,8 +947,12 @@ int mapif_broadcast(unsigned char *mes, int len, unsigned int fontColor, short f
int mapif_wis_message(struct WisData *wd)
{
unsigned char buf[2048];
+ nullpo_ret(wd);
//if (wd->len > 2047-56) wd->len = 2047-56; //Force it to fit to avoid crashes. [Skotlex]
- if( wd->len >= sizeof(wd->msg) - 1 ) wd->len = sizeof(wd->msg) - 1;
+ if (wd->len < 0)
+ wd->len = 0;
+ if (wd->len >= sizeof(wd->msg) - 1)
+ wd->len = sizeof(wd->msg) - 1;
WBUFW(buf, 0) = 0x3801;
WBUFW(buf, 2) = 56 +wd->len;
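Review bot: The commented-out clamp on the line above the new `if (wd->len < 0)` check is now the third version of the same bound and no longer documents anything the live code does not; it should be deleted rather than carried along. A one-line comment such as `/* clamp len into [0, sizeof(wd->msg) - 1] before it sizes the packet */` states the intent of the two new clamps better than the dead line.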
@@ -951,6 +968,7 @@ int mapif_wis_message(struct WisData *wd)
void mapif_wis_response(int fd, unsigned char *src, int flag)
{
unsigned char buf[27];
+ nullpo_retv(src);
WBUFW(buf, 0)=0x3802;
memcpy(WBUFP(buf, 2),src,24);
WBUFB(buf,26)=flag;
@@ -960,6 +978,7 @@ void mapif_wis_response(int fd, unsigned char *src, int flag)
// Wis sending result
int mapif_wis_end(struct WisData *wd, int flag)
{
+ nullpo_ret(wd);
mapif->wis_response(wd->fd, wd->src, flag);
return 0;
}
@@ -968,6 +987,7 @@ int mapif_wis_end(struct WisData *wd, int flag)
// Account registry transfer to map-server
static void mapif_account_reg(int fd, unsigned char *src)
{
+ nullpo_retv(src);
WBUFW(src,0)=0x3804; //NOTE: writing to RFIFO
mapif->sendallwos(fd, src, WBUFW(src,2));
}
@@ -1005,6 +1025,7 @@ int inter_check_ttl_wisdata_sub(DBKey key, DBData *data, va_list ap)
{
int64 tick;
struct WisData *wd = DB->data2ptr(data);
+ nullpo_ret(wd);
tick = va_arg(ap, int64);
if (DIFF_TICK(tick, wd->tick) > WISDATA_TTL && wis_delnum < WISDELLIST_MAX)
@@ -1208,6 +1229,7 @@ int mapif_parse_RegistryRequest(int fd)
void mapif_namechange_ack(int fd, int account_id, int char_id, int type, int flag, const char *const name)
{
+ nullpo_retv(name);
WFIFOHEAD(fd, NAME_LENGTH+13);
WFIFOW(fd, 0) = 0x3806;
WFIFOL(fd, 2) = account_id;
diff --git a/src/char/loginif.c b/src/char/loginif.c
index 5247e6c3e..f53d9bb71 100644
--- a/src/char/loginif.c
+++ b/src/char/loginif.c
@@ -14,6 +14,7 @@
#include "../common/cbasetypes.h"
#include "../common/core.h"
+#include "../common/nullpo.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
#include "../common/timer.h"
@@ -88,6 +89,7 @@ void do_final_loginif(void)
void loginif_block_account(int account_id, int flag)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,10);
WFIFOW(chr->login_fd,0) = 0x2724;
WFIFOL(chr->login_fd,2) = account_id;
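Review bot: The new `Assert_retv(chr->login_fd != -1)` guards only the unset sentinel, whereas the same commit uses `session_isValid(chr->login_fd)` for the same purpose in inter_savereg, so a closed but not yet reset descriptor passes one guard and not the other. If `login_fd` is reliably reset to -1 on disconnect the sentinel test is sufficient and a comment saying so would help; otherwise `Assert_retv(session_isValid(chr->login_fd));` is the safer form. The same pattern appears in loginif_ban_account, loginif_unban_account, loginif_changesex, loginif_auth, loginif_send_users_count, loginif_connect_to_server and pincode_notifyLoginPinUpdate.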
@@ -97,6 +99,7 @@ void loginif_block_account(int account_id, int flag)
void loginif_ban_account(int account_id, short year, short month, short day, short hour, short minute, short second)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,18);
WFIFOW(chr->login_fd, 0) = 0x2725;
WFIFOL(chr->login_fd, 2) = account_id;
@@ -111,6 +114,7 @@ void loginif_ban_account(int account_id, short year, short month, short day, sho
void loginif_unban_account(int account_id)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,6);
WFIFOW(chr->login_fd,0) = 0x272a;
WFIFOL(chr->login_fd,2) = account_id;
@@ -119,6 +123,7 @@ void loginif_unban_account(int account_id)
void loginif_changesex(int account_id)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,6);
WFIFOW(chr->login_fd,0) = 0x2727;
WFIFOL(chr->login_fd,2) = account_id;
@@ -127,6 +132,8 @@ void loginif_changesex(int account_id)
void loginif_auth(int fd, struct char_session_data* sd, uint32 ipl)
{
+ Assert_retv(chr->login_fd != -1);
+ nullpo_retv(sd);
WFIFOHEAD(chr->login_fd,23);
WFIFOW(chr->login_fd,0) = 0x2712; // ask login-server to authenticate an account
WFIFOL(chr->login_fd,2) = sd->account_id;
@@ -140,6 +147,7 @@ void loginif_auth(int fd, struct char_session_data* sd, uint32 ipl)
void loginif_send_users_count(int users)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,6);
WFIFOW(chr->login_fd,0) = 0x2714;
WFIFOL(chr->login_fd,2) = users;
@@ -148,6 +156,7 @@ void loginif_send_users_count(int users)
void loginif_connect_to_server(void)
{
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,86);
WFIFOW(chr->login_fd,0) = 0x2710;
memcpy(WFIFOP(chr->login_fd,2), chr->userid, NAME_LENGTH);
diff --git a/src/char/pincode.c b/src/char/pincode.c
index b8b30a1b8..c3d2b2298 100644
--- a/src/char/pincode.c
+++ b/src/char/pincode.c
@@ -11,6 +11,7 @@
#include "char.h"
#include "../common/cbasetypes.h"
#include "../common/mmo.h"
+#include "../common/nullpo.h"
#include "../common/random.h"
#include "../common/showmsg.h"
#include "../common/socket.h"
@@ -18,9 +19,10 @@
struct pincode_interface pincode_s;
-void pincode_handle ( int fd, struct char_session_data* sd ) {
+void pincode_handle (int fd, struct char_session_data* sd) {
struct online_char_data* character = (struct online_char_data*)idb_get(chr->online_char_db, sd->account_id);
+ nullpo_retv(sd);
if( character && character->pincode_enable > pincode->charselect ){
character->pincode_enable = pincode->charselect * 2;
}else{
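Review bot: The new `nullpo_retv(sd)` comes one line after `sd->account_id` is already dereferenced in the `idb_get` call, so it cannot protect that access. Split the declaration so the guard runs first: `struct online_char_data* character;` then `nullpo_retv(sd);` then `character = (struct online_char_data*)idb_get(chr->online_char_db, sd->account_id);`. pincode_handle continues past the end of the hunk.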
@@ -44,6 +46,7 @@ void pincode_handle ( int fd, struct char_session_data* sd ) {
void pincode_check(int fd, struct char_session_data* sd) {
char pin[5] = "\0\0\0\0";
+ nullpo_retv(sd);
safestrncpy(pin, (char*)RFIFOP(fd, 6), sizeof(pin));
pincode->decrypt(sd->pincode_seed, pin);
if( pincode->compare( fd, sd, pin ) ){
@@ -55,6 +58,8 @@ void pincode_check(int fd, struct char_session_data* sd) {
}
int pincode_compare(int fd, struct char_session_data* sd, char* pin) {
+ nullpo_ret(sd);
+ nullpo_ret(pin);
if( strcmp( sd->pincode, pin ) == 0 ){
sd->pincode_try = 0;
return 1;
@@ -70,6 +75,7 @@ int pincode_compare(int fd, struct char_session_data* sd, char* pin) {
void pincode_change(int fd, struct char_session_data* sd) {
char oldpin[5] = "\0\0\0\0", newpin[5] = "\0\0\0\0";
+ nullpo_retv(sd);
safestrncpy(oldpin, (char*)RFIFOP(fd,6), sizeof(oldpin));
pincode->decrypt(sd->pincode_seed,oldpin);
if( !pincode->compare( fd, sd, oldpin ) )
@@ -85,6 +91,7 @@ void pincode_change(int fd, struct char_session_data* sd) {
void pincode_setnew(int fd, struct char_session_data* sd) {
char newpin[5] = "\0\0\0\0";
+ nullpo_retv(sd);
safestrncpy(newpin, (char*)RFIFOP(fd,6), sizeof(newpin));
pincode->decrypt(sd->pincode_seed,newpin);
pincode->update( sd->account_id, newpin );
@@ -102,6 +109,7 @@ void pincode_setnew(int fd, struct char_session_data* sd) {
// 7 = char select window shows a button - client sends 0x8c5
// 8 = pincode was incorrect
void pincode_sendstate(int fd, struct char_session_data* sd, uint16 state) {
+ nullpo_retv(sd);
WFIFOHEAD(fd, 12);
WFIFOW(fd, 0) = 0x8b9;
WFIFOL(fd, 2) = sd->pincode_seed = rnd() % 0xFFFF;
@@ -111,6 +119,8 @@ void pincode_sendstate(int fd, struct char_session_data* sd, uint16 state) {
}
void pincode_notifyLoginPinUpdate(int account_id, char* pin) {
+ nullpo_retv(pin);
+ Assert_retv(chr->login_fd != -1);
WFIFOHEAD(chr->login_fd,11);
WFIFOW(chr->login_fd,0) = 0x2738;
WFIFOL(chr->login_fd,2) = account_id;
@@ -129,6 +139,7 @@ void pincode_decrypt(unsigned int userSeed, char* pin) {
int i;
char tab[10] = {0,1,2,3,4,5,6,7,8,9};
+ nullpo_retv(pin);
for (i = 1; i < 10; i++) {
int pos;
userSeed = pincode->baseSeed + userSeed * pincode->multiplier;
@@ -149,6 +160,8 @@ void pincode_decrypt(unsigned int userSeed, char* pin) {
bool pincode_config_read(char *w1, char *w2) {
+ nullpo_ret(w1);
+ nullpo_ret(w2);
while ( true ) {
if ( strcmpi(w1, "pincode_enabled") == 0 ) {
pincode->enabled = atoi(w2);