mirror of
https://github.com/OpenFusionProject/OpenFusion.git
synced 2024-12-23 03:40:05 +00:00
Improve DB and Nano sanity checks
I'm aware that the DB checks still allow ID 0 items and Nanos, but the point of those is primarily to prevent invalid memory access.
This commit is contained in:
parent
04a17ed862
commit
217168fe50
@ -906,7 +906,7 @@ void Database::getPlayer(Player* plr, int id) {
|
||||
int slot = sqlite3_column_int(stmt, 0);
|
||||
|
||||
// for extra safety
|
||||
if (slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {
|
||||
if (slot < 0 || slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {
|
||||
std::cout << "[WARN] Database: Invalid item slot in db?! " << std::endl;
|
||||
continue;
|
||||
}
|
||||
@ -947,6 +947,10 @@ void Database::getPlayer(Player* plr, int id) {
|
||||
while (sqlite3_step(stmt) == SQLITE_ROW) {
|
||||
int slot = sqlite3_column_int(stmt, 0);
|
||||
|
||||
// for extra safety
|
||||
if (slot < 0)
|
||||
continue;
|
||||
|
||||
sItemBase* item = &plr->QInven[slot];
|
||||
item->iType = 8;
|
||||
item->iID = sqlite3_column_int(stmt, 1);
|
||||
@ -969,7 +973,7 @@ void Database::getPlayer(Player* plr, int id) {
|
||||
int id = sqlite3_column_int(stmt, 0);
|
||||
|
||||
// for extra safety
|
||||
if (id > NANO_COUNT)
|
||||
if (id < 0 || id > NANO_COUNT)
|
||||
continue;
|
||||
|
||||
sNano* nano = &plr->Nanos[id];
|
||||
@ -1877,4 +1881,4 @@ void Database::recordCodeRedemption(int playerId, std::string code) {
|
||||
if (sqlite3_step(stmt) != SQLITE_DONE)
|
||||
std::cout << "[WARN] Database: recording of code redemption failed: " << sqlite3_errmsg(db) << std::endl;
|
||||
sqlite3_finalize(stmt);
|
||||
}
|
||||
}
|
||||
|
@ -240,7 +240,7 @@ void NanoManager::nanoPotionHandler(CNSocket* sock, CNPacketData* data) {
|
||||
|
||||
#pragma region Helper methods
|
||||
void NanoManager::addNano(CNSocket* sock, int16_t nanoID, int16_t slot, bool spendfm) {
|
||||
if (nanoID >= NANO_COUNT)
|
||||
if (nanoID <= 0 || nanoID >= NANO_COUNT)
|
||||
return;
|
||||
|
||||
Player *plr = PlayerManager::getPlayer(sock);
|
||||
|
Loading…
Reference in New Issue
Block a user