From a1bb4008e58b92e2af5099570a723e37ea138d0b Mon Sep 17 00:00:00 2001
From: Kenpachi Developer
Date: Sat, 14 Nov 2020 09:19:33 +0100
Subject: Add check for valid item amount to BUILDIN(rodex_sendmail2)
---
 src/map/script.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'src/map')
diff --git a/src/map/script.c b/src/map/script.c
index 1448715a7..1f49f04b9 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -25335,6 +25335,19 @@ static BUILDIN(rodex_sendmail2)
 ShowError("script:rodex_sendmail: Missing Item %d amount!\n", (i + 1));
 return false;
 }
+
+ if (!data_isint(script_getdata(st, param + 1))) {
+ ShowError("script:rodex_sendmail: Passed amount for item %d is not a number!\n", i + 1);
+ return false;
+ }
+
+ int amount = script_getnum(st, param + 1);
+
+ if (amount < 1 || amount > min(MAX_AMOUNT, SHRT_MAX)) {
+ ShowError("script:rodex_sendmail: Invalid amount %d passed for item %d!\n", amount, i + 1);
+ return false;
+ }
+
 if (!script_hasdata(st, param + 2)) {
 ShowError("script:rodex_sendmail: Missing Item %d refine!\n", (i + 1));
 return false;
@@ -25367,7 +25380,7 @@ static BUILDIN(rodex_sendmail2)
 }
 msg.items[i].item.nameid = idata->nameid;
- msg.items[i].item.amount = script_getnum(st, (param + 1));
+ msg.items[i].item.amount = amount;
 msg.items[i].item.refine = script_getnum(st, (param + 2));
 msg.items[i].item.attribute = script_getnum(st, (param + 3));
 msg.items[i].item.identify = 1;
-- 
cgit v1.2.3-60-g2f50
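Review bot: The refine and attribute arguments are still stored without the type and range check this commit adds for amount. In the second hunk, `msg.items[i].item.refine = script_getnum(st, (param + 2));` and the attribute assignment below it accept whatever the script passes, and the first hunk only tests `script_hasdata(st, param + 2)` for presence. If those struct fields are narrower than int (their declarations are not visible here), an out-of-range script value would be silently truncated into the mail attachment instead of being rejected. Apply the same `data_isint(script_getdata(st, param + 2))` test and a bounds check before each assignment, logging with the existing ShowError pattern and returning false. The body of rodex_sendmail2 starts and ends outside both hunks, so any validation elsewhere in the function is not visible from here.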