From 3e1fe0d3842aab1c85f4dfd8e3533ca6631fc4e5 Mon Sep 17 00:00:00 2001
From: Haru
Date: Sat, 25 Oct 2014 00:42:05 +0200
Subject: Added some missing variable initializations

- The issue was caused by memcmp failing because of garbage in structs padding.
- Fixes bugreport:8410, special thanks (and credits for the fix) to Garr http://hercules.ws/board/tracker/issue-8410-autotradeat-issue/
- Also reduced scope of some variables, where appropriate.
- Thanks to Ind.

Signed-off-by: Haru
---
 src/char/char.c | 10 +++++++++-
 src/char/char.h | 2 --
 src/char/int_mail.c | 3 +++
 src/char/int_storage.c | 1 +
 4 files changed, 13 insertions(+), 3 deletions(-)

(limited to 'src/char')

diff --git a/src/char/char.c b/src/char/char.c
index 6549ead3c..824c782bc 100644
--- a/src/char/char.c
+++ b/src/char/char.c
@@ -750,6 +750,7 @@ int memitemdata_to_sql(const struct item items[], int max, int id, int tableswit
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
@@ -893,6 +894,7 @@ int inventory_to_sql(const struct item items[], int max, int id) {
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
@@ -1229,6 +1231,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read memo data
 //`memo` (`memo_id`,`char_id`,`map`,`x`,`y`)
+ memset(&tmp_point, 0, sizeof(tmp_point));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `map`,`x`,`y` FROM `%s` WHERE `char_id`=? ORDER by `memo_id` LIMIT %d", memo_db, MAX_MEMOPOINTS)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
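Review bot: The memset added before the StmtBindColumn calls only makes a memcmp() on `struct item` work by accident: the C standard leaves padding bytes with unspecified values after any store to a member, so the zeroed padding is not guaranteed to survive the per-row column writes that follow, and the `items[]` side of the comparison supplied by the caller is not touched by this hunk at all. The robust fix is a field-by-field `item_equal()` helper (id, nameid, amount and the remaining bound columns) in place of the memcmp the commit message describes; that memcmp is outside this hunk, so I cannot quote it. At minimum the memset deserves a comment so it is not removed as redundant later, e.g. `memset(&item, 0, sizeof(item)); /* padding must be zero: the row is compared with memcmp() */`. The same applies to the identical blocks in inventory_to_sql() and int_storage.c in this patch. memitemdata_to_sql()'s body continues outside the hunk.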
@@ -1251,6 +1254,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 StrBuf->Printf(&buf, ", `card%d`", i);
 StrBuf->Printf(&buf, " FROM `%s` WHERE `char_id`=? LIMIT %d", inventory_db, MAX_INVENTORY);
+ memset(&tmp_item, 0, sizeof(tmp_item));
 if( SQL_ERROR == SQL->StmtPrepareStr(stmt, StrBuf->Value(&buf))
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1312,6 +1316,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read skill
 //`skill` (`char_id`, `id`, `lv`)
+ memset(&tmp_skill, 0, sizeof(tmp_skill));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `id`, `lv`,`flag` FROM `%s` WHERE `char_id`=? LIMIT %d", skill_db, MAX_SKILL)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1333,6 +1338,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 //read friends
 //`friends` (`char_id`, `friend_account`, `friend_id`)
+ memset(&tmp_friend, 0, sizeof(tmp_friend));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT c.`account_id`, c.`char_id`, c.`name` FROM `%s` c LEFT JOIN `%s` f ON f.`friend_account` = c.`account_id` AND f.`friend_id` = c.`char_id` WHERE f.`char_id`=? LIMIT %d", char_db, friend_db, MAX_FRIENDS)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -1348,6 +1354,7 @@ int mmo_char_fromsql(int char_id, struct mmo_charstatus* p, bool load_everything
 #ifdef HOTKEY_SAVING
 //read hotkeys
 //`hotkey` (`char_id`, `hotkey`, `type`, `itemskill_id`, `skill_lvl`
+ memset(&tmp_hotkey, 0, sizeof(tmp_hotkey));
 if( SQL_ERROR == SQL->StmtPrepare(stmt, "SELECT `hotkey`, `type`, `itemskill_id`, `skill_lvl` FROM `%s` WHERE `char_id`=?", hotkey_db)
 || SQL_ERROR == SQL->StmtBindParam(stmt, 0, SQLDT_INT, &char_id, 0)
 || SQL_ERROR == SQL->StmtExecute(stmt)
@@ -3061,6 +3068,7 @@ int parse_frommap(int fd)
 int count;
 char* data;
+ memset(&scdata, 0, sizeof(scdata));
 WFIFOHEAD(fd,14+50*sizeof(struct status_change_data));
 WFIFOW(fd,0) = 0x2b1d;
 WFIFOL(fd,4) = aid;
@@ -3232,7 +3240,6 @@ int parse_frommap(int fd)
 {
 int map_id, map_fd = -1;
 struct mmo_charstatus* char_data;
- struct mmo_charstatus char_dat;
 map_id = search_mapserver(RFIFOW(fd,18), ntohl(RFIFOL(fd,24)), ntohs(RFIFOW(fd,28))); //Locate mapserver by ip and port.
 if (map_id >= 0)
@@ -3240,6 +3247,7 @@ int parse_frommap(int fd)
 //Char should just had been saved before this packet, so this should be safe. [Skotlex]
 char_data = (struct mmo_charstatus*)uidb_get(char_db_,RFIFOL(fd,14));
 if (char_data == NULL) { //Really shouldn't happen.
+ struct mmo_charstatus char_dat;
 mmo_char_fromsql(RFIFOL(fd,14), &char_dat, true);
 char_data = (struct mmo_charstatus*)uidb_get(char_db_,RFIFOL(fd,14));
 }
diff --git a/src/char/char.h b/src/char/char.h
index 5a70d2ca7..4d053484b 100644
--- a/src/char/char.h
+++ b/src/char/char.h
@@ -14,8 +14,6 @@ enum E_CHARSERVER_ST {
 CHARSERVER_ST_LAST
 };
-struct mmo_charstatus;
-
 struct char_session_data {
 bool auth; // whether the session is authed or not
 int account_id, login_id1, login_id2, sex;
diff --git a/src/char/int_mail.c b/src/char/int_mail.c
index 86a36d59f..47d2cc1c5 100644
--- a/src/char/int_mail.c
+++ b/src/char/int_mail.c
@@ -148,6 +148,7 @@ static bool mail_loadmessage(int mail_id, struct mail_message* msg)
 {
 int j;
 StringBuf buf;
+ memset(msg, 0, sizeof(struct mail_message)); // Initialize data
 StrBuf->Init(&buf);
 StrBuf->AppendStr(&buf, "SELECT `id`,`send_name`,`send_id`,`dest_name`,`dest_id`,`title`,`message`,`time`,`status`,"
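Review bot: The `memset(&scdata, 0, sizeof(scdata))` does more than the commit message says and should be commented as such: the `WFIFOHEAD(fd,14+50*sizeof(struct status_change_data))` two lines below sizes packet 0x2b1d for up to 50 raw copies of that struct, so a row whose padding holds uninitialized stack memory presumably goes to the map server byte-for-byte (the copy itself is outside this hunk). A one-line comment keeps the next cleanup from dropping it as a no-op: `memset(&scdata, 0, sizeof(scdata)); /* padding is sent on the wire in 0x2b1d, do not leak stack bytes */`. The enclosing block of parse_frommap() starts and ends outside the hunk.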
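Review bot: The fallback path still trusts its own result: `mmo_char_fromsql(RFIFOL(fd,14), &char_dat, true);` discards the function's int return, and the second `uidb_get()` is never re-checked, so a character that cannot be reloaded leaves `char_data` NULL for whatever follows the closing brace (outside this hunk), where the original `if (char_data == NULL)` guard suggests it is dereferenced. Moving `char_dat` into the block is fine, but it is passed uninitialized and relies on mmo_char_fromsql() clearing `*p` itself, which is not visible here. I would re-check `char_data` after the second lookup and take the same refusal path this handler presumably uses when search_mapserver() finds no server (`map_fd` starts at -1 in the hunk above), so the request is refused rather than crashing the char server. parse_frommap()'s enclosing block continues outside the hunk.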
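Review bot: `memset(msg, 0, sizeof(struct mail_message))` spells the size as the type; `memset(msg, 0, sizeof(*msg));` ties it to the pointer and survives a later type change. Since the callee now clears its output on entry, a caller that also zeroes the struct before calling (mapif_Mail_getattach() does, later in this same patch) is doing the work twice; one place should own the initialization, and the callee is the right one because it covers every caller and presumably leaves a clean struct on its failure returns, which are outside this hunk. mail_loadmessage()'s body continues outside the hunk.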
@@ -206,6 +207,7 @@ static bool mail_loadmessage(int mail_id, struct mail_message* msg)
 static void mapif_Mail_sendinbox(int fd, int char_id, unsigned char flag)
 {
 struct mail_data md;
+ memset(&md, 0, sizeof(md));
 mail_fromsql(char_id, &md);
 //FIXME: dumping the whole structure like this is unsafe [ultramage]
@@ -262,6 +264,7 @@ static bool mail_DeleteAttach(int mail_id)
 static void mapif_Mail_getattach(int fd, int char_id, int mail_id)
 {
 struct mail_message msg;
+ memset(&msg, 0, sizeof(msg));
 if( !mail_loadmessage(mail_id, &msg) )
 return;
diff --git a/src/char/int_storage.c b/src/char/int_storage.c
index 882d9b2a5..b9d9f2e2c 100644
--- a/src/char/int_storage.c
+++ b/src/char/int_storage.c
@@ -282,6 +282,7 @@ int mapif_parse_ItemBoundRetrieve_sub(int fd)
 return 1;
 }
+ memset(&item, 0, sizeof(item));
 SQL->StmtBindColumn(stmt, 0, SQLDT_INT, &item.id, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 1, SQLDT_SHORT, &item.nameid, 0, NULL, NULL);
 SQL->StmtBindColumn(stmt, 2, SQLDT_SHORT, &item.amount, 0, NULL, NULL);
-- 
cgit v1.2.3-70-g09d2
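Review bot: The new `memset(&md, 0, sizeof(md))` is what keeps uninitialized stack bytes out of the dump that the `//FIXME: dumping the whole structure like this is unsafe` comment right below refers to, but nothing says so, and someone who later finds that mail_fromsql() clears `md` itself may treat it as redundant and remove it. I would tie the two together: `memset(&md, 0, sizeof(md)); // padding included: the struct is dumped whole below (see FIXME)`, hedged on where the dump goes since that code is outside the hunk. mapif_Mail_sendinbox()'s body continues past the hunk.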
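Review bot: The `memset(&msg, 0, sizeof(msg))` here duplicates the one this same patch adds at the top of mail_loadmessage(), which zeroes `*msg` before doing anything else, so `msg` is cleared twice on every call. Harmless, but one of the two should go; keeping the callee's copy is preferable because it covers every caller, and when `mail_loadmessage()` returns false this function returns without touching `msg` anyway. If it stays, mark it as deliberate: `memset(&msg, 0, sizeof(msg)); /* defensive; mail_loadmessage() clears it too */`. mapif_Mail_getattach()'s body continues outside the hunk.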