From 77aef58085f166d0ce0b3b06d81dde9a35a05e0d Mon Sep 17 00:00:00 2001
From: Kenpachi Developer <Kenpachi.Developer@gmx.de>
Date: Sat, 14 Nov 2020 09:12:18 +0100
Subject: Add check for valid item amount to BUILDIN(rodex_sendmail)

---
 src/map/script.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/map/script.c b/src/map/script.c
index 1f49f04b9..46e5528e5 100644
--- a/src/map/script.c
+++ b/src/map/script.c
@@ -25278,6 +25278,18 @@ static BUILDIN(rodex_sendmail)
 			return false;
 		}
 
+		if (!data_isint(script_getdata(st, param + 1))) {
+			ShowError("script:rodex_sendmail: Passed amount for item %d is not a number!\n", i + 1);
+			return false;
+		}
+
+		int amount = script_getnum(st, param + 1);
+
+		if (amount < 1 || amount > min(MAX_AMOUNT, SHRT_MAX)) {
+			ShowError("script:rodex_sendmail: Invalid amount %d passed for item %d!\n", amount, i + 1);
+			return false;
+		}
+
 		++item_count;
 		if (data_isstring(script_getdata(st, param)) == false) {
 			int itemid = script_getnum(st, param);
@@ -25295,7 +25307,7 @@ static BUILDIN(rodex_sendmail)
 		}
 
 		msg.items[i].item.nameid = idata->nameid;
-		msg.items[i].item.amount = script_getnum(st, (param + 1));
+		msg.items[i].item.amount = amount;
 		msg.items[i].item.identify = 1;
 
 		++i;
-- 
cgit v1.2.3-70-g09d2