From 3e1fe0d3842aab1c85f4dfd8e3533ca6631fc4e5 Mon Sep 17 00:00:00 2001
From: Haru
Date: Sat, 25 Oct 2014 00:42:05 +0200
Subject: Added some missing variable initializations
- The issue was caused by memcmp failing because of garbage in structs padding.
- Fixes bugreport:8410, special thanks (and credits for the fix) to Garr http://hercules.ws/board/tracker/issue-8410-autotradeat-issue/
- Also reduced scope of some variables, where appropriate.
- Thanks to Ind.
Signed-off-by: Haru
---
 src/char/char.c | 10 +++++++++-
 src/char/char.h | 2 --
 src/char/int_mail.c | 3 +++
 src/char/int_storage.c | 1 +
 src/login/login.c | 1 +
 src/map/clif.c | 6 ++++--
 src/map/clif.h | 2 --
 src/map/npc.c | 12 ++++++------
 src/map/script.c | 33 ++++++++++++++------------------
 src/map/unit.c | 2 ++
 10 files changed, 40 insertions(+), 32 deletions(-)
diff --git a/src/char/char.c b/src/char/char.c
index 6549ead3c..824c782bc 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -750,6 +750,7 @@ int memitemdata_to_sql(const struct item items[], int max, int id, int tableswit
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
@@ -893,6 +894,7 @@ int inventory_to_sql(const struct item items[], int max, int id) {
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
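Review bot: The new `memset(&item, 0, sizeof(item));` has no comment saying why a plain initializer would not do, and the reason matters here: the commit message attributes the bug to memcmp reading struct padding, and `struct item item = {0};` is not guaranteed to zero padding bytes, so a later "modernizing" cleanup could reintroduce the bug. Suggest `memset(&item, 0, sizeof(item)); // zero padding too: these structs are compared with memcmp elsewhere` on this line, on the identical line in the inventory_to_sql hunk just below, and on the int_storage.c hunk. The loop that refills `item` from fetched rows lies outside the hunk; if it reuses this one buffer across rows, the zeroing only holds as long as every bound column is rewritten on each row, which is worth confirming in that comment.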
@@ -1229,6 +1231,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read memo data
 //`memo` (`memo_id`,`char_id`,`map`,`x`,`y`)
+ memset(&tmp_point, 0, sizeof(tmp_point));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `map`,`x`,`y` FROM `%s` WHERE `char_id`=? ORDER by `memo_id` LIMIT %d", memo_db, MAX_MEMOPOINTS)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1251,6 +1254,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 StrBuf->Printf(&buf, ", `card%d`", i);
 StrBuf->Printf(&buf, " FROM `%s` WHERE `char_id`=? LIMIT %d", inventory_db, MAX_INVENTORY);
+ memset(&tmp_item, 0, sizeof(tmp_item));
 if( SQL_ERROR == SQL->StmtPrepareStr(stmt, StrBuf->Value(&buf))
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1312,6 +1316,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read skill
 //`skill` (`char_id`, `id`, `lv`)
+ memset(&tmp_skill, 0, sizeof(tmp_skill));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `id`, `lv`,`flag` FROM `%s` WHERE `char_id`=? LIMIT %d", skill_db, MAX_SKILL)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1333,6 +1338,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read friends
 //`friends` (`char_id`, `friend_account`, `friend_id`)
+ memset(&tmp_friend, 0, sizeof(tmp_friend));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT c.`account_id`, c.`char_id`, c.`name` FROM `%s` c LEFT JOIN `%s` f ON f.`friend_account` = c.`account_id` AND f.`friend_id` = c.`char_id` WHERE f.`char_id`=? LIMIT %d", char_db, friend_db, MAX_FRIENDS)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
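Review bot: Each of the four new clears (`tmp_point`, `tmp_item`, `tmp_skill`, `tmp_friend`) is placed once before its StmtPrepare rather than inside the row-fetch loop that follows outside the hunk, so after the first row a buffer is only as clean as what the bound columns overwrite; as far as these hunks show, that is once per query, not once per row. If that is intentional because every bound field is rewritten for each fetched row, a one-line comment such as `memset(&tmp_point, 0, sizeof(tmp_point)); // zeroed once per query: every bound field is rewritten per row` would keep a later reader from moving or dropping it. The `tmp_hotkey` hunk in the next part of the diff has the same shape and would take the same comment. The bodies of the fetch loops are not visible here, so this is a request to document, not a reported defect.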
@@ -1348,6 +1354,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 #ifdef HOTKEY_SAVING
 //read hotkeys
 //`hotkey` (`char_id`, `hotkey`, `type`, `itemskill_id`, `skill_lvl`
+ memset(&tmp_hotkey, 0, sizeof(tmp_hotkey));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `hotkey`, `type`, `itemskill_id`, `skill_lvl` FROM `%s` WHERE `char_id`=?", hotkey_db)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -3061,6 +3068,7 @@ int parse_frommap(int fd)
 int count;
 char* data;
+ memset(&scdata, 0, sizeof(scdata));
 WFIFOHEAD(fd,14+50*sizeof(struct status_change_data));
 WFIFOW(fd,0) = 0x2b1d;
 WFIFOL(fd,4) = aid;
@@ -3232,7 +3240,6 @@ int parse_frommap(int fd)
 {
 int map_id, map_fd = -1;
 struct mmo_charstatus* char_data;
- struct mmo_charstatus char_dat;
 map_id = search_mapserver(RFIFOW(fd,18), ntohl(RFIFOL(fd,24)), ntohs(RFIFOW(fd,28))); //Locate mapserver by ip and port.
 if (map_id >= 0)
@@ -3240,6 +3247,7 @@ int parse_frommap(int fd)
 //Char should just had been saved before this packet, so this should be safe. [Skotlex]
 char_data = (struct mmo_charstatus*)uidb_get(char_db_,RFIFOL(fd,14));
 if (char_data == NULL) { //Really shouldn't happen.
+ struct mmo_charstatus char_dat;
 mmo_char_fromsql(RFIFOL(fd,14), &char_dat, true);
 char_data = (struct mmo_charstatus*)uidb_get(char_db_,RFIFOL(fd,14));
 }
diff --git a/src/char/char.h b/src/char/char.h
index 5a70d2ca7..4d053484b 100644
--- a/src/char/char.h
+++ b/src/char/char.h
@@ -14,8 +14,6 @@ enum E_CHARSERVER_ST {
 CHARSERVER_ST_LAST
 };
-struct mmo_charstatus;
 struct char_session_data {
 bool auth; // whether the session is authed or not
 int account_id, login_id1, login_id2, sex;
diff --git a/src/char/int_mail.c b/src/char/int_mail.c
index 86a36d59f..47d2cc1c5 100644
--- a/src/char/int_mail.c
+++ b/src/char/int_mail.c
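Review bot: In the @@ -3240 hunk the fallback path calls `mmo_char_fromsql(RFIFOL(fd,14), &char_dat, true);` without checking its result, and the second `uidb_get` result is not checked either, so `char_data` can still be NULL when the code after the hunk (not visible here) goes on to use it; the existing "Really shouldn't happen" comment covers the first lookup, not a failed reload. Narrowing `char_dat` to this block is fine, but the local is only a scratch buffer whose contents are never read in the hunk, which deserves saying: `struct mmo_charstatus char_dat; // scratch: the load repopulates char_db_, which is re-queried below`. I would also test the reload result (with whatever failure value mmo_char_fromsql returns, which this diff does not show) and bail out rather than continue with a NULL `char_data`; the rest of parse_frommap is outside the hunk.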
@@ -148,6 +148,7 @@ static bool mail_loadmessage(int mail_id, struct mail_message* msg)
 {
 int j;
 StringBuf buf;
+ memset(msg, 0, sizeof(struct mail_message)); // Initialize data
 StrBuf->Init(&buf);
 StrBuf->AppendStr(&buf, "SELECT `id`,`send_name`,`send_id`,`dest_name`,`dest_id`,`title`,`message`,`time`,`status`,"
@@ -206,6 +207,7 @@ static bool mail_loadmessage(int mail_id, struct mail_message* msg)
 static void mapif_Mail_sendinbox(int fd, int char_id, unsigned char flag)
 {
 struct mail_data md;
+ memset(&md, 0, sizeof(md));
 mail_fromsql(char_id, &md);
 //FIXME: dumping the whole structure like this is unsafe [ultramage]
@@ -262,6 +264,7 @@ static bool mail_DeleteAttach(int mail_id)
 static void mapif_Mail_getattach(int fd, int char_id, int mail_id)
 {
 struct mail_message msg;
+ memset(&msg, 0, sizeof(msg));
 if( !mail_loadmessage(mail_id, &msg) ) return;
diff --git a/src/char/int_storage.c b/src/char/int_storage.c
index 882d9b2a5..b9d9f2e2c 100644
--- a/src/char/int_storage.c
+++ b/src/char/int_storage.c
@@ -282,6 +282,7 @@ int mapif_parse_ItemBoundRetrieve_sub(int fd)
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
diff --git a/src/login/login.c b/src/login/login.c
index 828afb22b..129049627 100644
--- a/src/login/login.c
+++ b/src/login/login.c
@@ -1651,6 +1651,7 @@ int login_config_read(const char* cfgName)
 else if(!strcmpi(w1, "client_hash")) {
 int group = 0;
 char md5[33];
+ memset(md5, '\0', 33);
 if (sscanf(w2, "%d, %32s", &group, md5) == 2) {
 struct client_hash_node *nnode;
diff --git a/src/map/clif.c b/src/map/clif.c
index 033a5e081..ae885465b 100644
--- a/src/map/clif.c
+++ b/src/map/clif.c
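Review bot: `memset(msg, 0, sizeof(struct mail_message)); // Initialize data` sizes the clear by the type name instead of the object; `memset(msg, 0, sizeof(*msg));` stays correct if the parameter type changes, and the comment would earn its place by saying why an initializer is not enough (the commit message cites memcmp over struct padding; the comparison site is not in this hunk, so phrase it as "zero padding too: the struct is compared whole"). With mail_loadmessage now clearing its output itself, the `memset(&msg, 0, sizeof(msg));` added in mapif_Mail_getattach (@@ -262) is redundant — harmless, but either drop it or mark it `// defensive: mail_loadmessage also clears` so nobody later removes the wrong one. mail_loadmessage's body continues outside the hunk.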
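Review bot: `memset(md5, '\0', 33);` in the login.c hunk repeats the buffer length as a literal that must stay in step with `char md5[33]` and with the `%32s` width two lines later; `memset(md5, '\0', sizeof(md5));` removes one of the three copies. The `%32s` conversion already NUL-terminates what it reads, so the point of the clear is the bytes after a shorter hash string, presumably because the buffer is later copied or compared whole — a short comment such as `// clear the tail too: the buffer is used whole, not as a C string` would make that explicit. login_config_read's body continues outside the hunk.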
@@ -15117,7 +15117,8 @@ void clif_parse_Mail_send(int fd, struct map_session_data *sd)
 if (body_len > MAIL_BODY_LENGTH) body_len = MAIL_BODY_LENGTH;
- if( !mail->setattachment(sd, &msg) ) { // Invalid Append condition
+ memset(&msg, 0, sizeof(msg));
+ if (!mail->setattachment(sd, &msg)) { // Invalid Append condition
 clif->mail_send(sd->fd, true); // fail
 mail->removeitem(sd,0);
 mail->removezeny(sd,0);
@@ -15335,9 +15336,10 @@ void clif_parse_Auction_register(int fd, struct map_session_data *sd)
 struct auction_data auction;
 struct item_data *item;
- if( !battle_config.feature_auction )
+ if (!battle_config.feature_auction)
 return;
+ memset(&auction, 0, sizeof(auction));
 auction.price = RFIFOL(fd,2);
 auction.buynow = RFIFOL(fd,6);
 auction.hours = RFIFOW(fd,10);
diff --git a/src/map/clif.h b/src/map/clif.h
index bb71db5ae..1013add85 100644
--- a/src/map/clif.h
+++ b/src/map/clif.h
@@ -18,8 +18,6 @@
 **/
 struct item;
 struct item_data;
-struct storage_data;
-struct guild_storage;
 struct unit_data;
 struct map_session_data;
 struct homun_data;
diff --git a/src/map/npc.c b/src/map/npc.c
index 7dc0bda60..46b33bacb 100644
--- a/src/map/npc.c
+++ b/src/map/npc.c
@@ -1818,11 +1818,11 @@ int npc_buylist(struct map_session_data* sd, int n, unsigned short* item_list) {
 for( i = 0; i < n; ++i ) {
 int nameid = item_list[i*2+1];
 int amount = item_list[i*2+0];
- struct item item_tmp;
- if (itemdb_type(nameid) == IT_PETEGG)
+ if (itemdb_type(nameid) == IT_PETEGG) {
 pet->create_egg(sd, nameid);
- else {
+ } else {
+ struct item item_tmp;
 memset(&item_tmp,0,sizeof(item_tmp));
 item_tmp.nameid = nameid;
 item_tmp.identify = 1;
@@ -1933,7 +1933,6 @@ int npc_market_buylist(struct map_session_data* sd, unsigned short list_size, st
 for( i = 0; i < list_size; ++i ) {
 int nameid = p->list[i].ITID;
 int amount = p->list[i].qty;
- struct item item_tmp;
 j = npc_market_qty[i];
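Review bot: `memset(&msg, 0, sizeof(msg));` in clif_parse_Mail_send is placed immediately before `mail->setattachment(sd, &msg)` rather than at the declaration of `msg`, which is outside the hunk; if any field of `msg` is assigned between the declaration and this point, the clear silently discards it, and the hunk does not show enough to rule that out. Either move the clear up to the declaration or add `// must precede any write to msg` here so the ordering constraint survives the next edit. The Auction_register hunk below is safer as written, since the clear visibly precedes the first assignment to `auction`, and only needs the same one-line comment.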
@@ -1944,9 +1943,10 @@ int npc_market_buylist(struct map_session_data* sd, unsigned short list_size, st
 npc->market_tosql(nd,j);
- if (itemdb_type(nameid) == IT_PETEGG)
+ if (itemdb_type(nameid) == IT_PETEGG) {
 pet->create_egg(sd, nameid);
- else {
+ } else {
+ struct item item_tmp;
 memset(&item_tmp,0,sizeof(item_tmp));
 item_tmp.nameid = nameid;
 item_tmp.identify = 1;
diff --git a/src/map/script.c b/src/map/script.c
index f6c8e8651..b8e161e10 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -7013,28 +7013,25 @@ BUILDIN(delitem) {
 TBL_PC *sd;
 struct item it;
- if( script_hasdata(st,4) )
- {
+ if (script_hasdata(st,4)) {
 int account_id = script_getnum(st,4);
 sd = map->id2sd(account_id); //
- if( sd == NULL )
- {
+ if (sd == NULL) {
 ShowError("script:delitem: player not found (AID=%d).\n", account_id);
 st->state = END;
 return false;
 }
- }
- else
- {
+ } else {
 sd = script->rid2sd(st);// attached player
- if( sd == NULL )
+ if (sd == NULL)
 return true;
 }
- if( script_isstringtype(st, 2) ) {
+ memset(&it, 0, sizeof(it));
+ if (script_isstringtype(st, 2)) {
 const char* item_name = script_getstr(st, 2);
 struct item_data* id = itemdb->search_name(item_name);
- if( id == NULL ) {
+ if (id == NULL) {
 ShowError("script:delitem: unknown item \"%s\".\n", item_name);
 st->state = END;
 return false;
@@ -7042,8 +7039,7 @@ BUILDIN(delitem) {
 it.nameid = id->nameid;// ""
 } else {
 it.nameid = script_getnum(st, 2);//
- if( !itemdb->exists( it.nameid ) )
- {
+ if (!itemdb->exists(it.nameid)) {
 ShowError("script:delitem: unknown item \"%d\".\n", it.nameid);
 st->state = END;
 return false;
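Review bot: The restyled delitem lines keep two empty trailing comments, `sd = map->id2sd(account_id); //` and `it.nameid = script_getnum(st, 2);//`, that say nothing; since the commit already rewrites the braces around them, either dropping them or completing them in the style of the existing `// ""` on the nameid line (e.g. `// <account_id>`, `// <item id>`) would leave the builtin cleaner. The new `memset(&it, 0, sizeof(it));` is correctly placed before the first write to `it`, but a note such as `// zero padding too: an initializer does not guarantee that` would record why `= {0}` was not used (the commit message cites memcmp over struct padding). The delitem2 hunk in the next part carries the same trailing `//` and the same undocumented memset; delitem's body continues past the second hunk.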
@@ -7074,26 +7070,25 @@ BUILDIN(delitem2) {
 TBL_PC *sd;
 struct item it;
- if( script_hasdata(st,11) ) {
+ if (script_hasdata(st,11)) {
 int account_id = script_getnum(st,11);
 sd = map->id2sd(account_id); //
- if( sd == NULL ) {
+ if (sd == NULL) {
 ShowError("script:delitem2: player not found (AID=%d).\n", account_id);
 st->state = END;
 return false;
 }
- }
- else
- {
+ } else {
 sd = script->rid2sd(st);// attached player
 if( sd == NULL ) return true;
 }
- if( script_isstringtype(st, 2) ) {
+ memset(&it, 0, sizeof(it));
+ if (script_isstringtype(st, 2)) {
 const char* item_name = script_getstr(st, 2);
 struct item_data* id = itemdb->search_name(item_name);
- if( id == NULL ) {
+ if (id == NULL) {
 ShowError("script:delitem2: unknown item \"%s\".\n", item_name);
 st->state = END;
 return false;
diff --git a/src/map/unit.c b/src/map/unit.c
index a54780e83..e99b9f2a1 100644
--- a/src/map/unit.c
+++ b/src/map/unit.c
@@ -95,6 +95,8 @@ int unit_walktoxy_sub(struct block_list *bl)
 ud = unit->bl2ud(bl);
 if(ud == NULL) return 0;
+ memset(&wpd, 0, sizeof(wpd));
+
 if( !path->search(&wpd,bl->m,bl->x,bl->y,ud->to_x,ud->to_y,ud->state.walk_easy,CELL_CHKNOPASS) ) return 0;
-- 
cgit v1.2.3-70-g09d2
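Review bot: `if( sd == NULL )` in delitem2's else branch is the one condition in this hunk left in the old `if( ... )` spacing while its siblings (`if (sd == NULL) {`, `if (id == NULL) {`) and the matching line in delitem were converted, so the two builtins now differ from each other only in whitespace on that line; `if (sd == NULL)` makes them identical again and keeps the next diff between them meaningful. The rest of the hunk mirrors delitem, including the well-placed `memset(&it, 0, sizeof(it));` before the first write to `it`, and delitem2's body continues beyond the hunk.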