From 217168fe50646601cb5efa1dee7dbb1f194e7a56 Mon Sep 17 00:00:00 2001
From: dongresource
Date: Wed, 27 Jan 2021 02:27:08 +0100
Subject: [PATCH] Improve DB and Nano sanity checks

I'm aware that the DB checks still allow ID 0 items and Nanos, but the point of those is primarily to prevent invalid memory access.
---
 src/Database.cpp | 10 +++++++---
 src/NanoManager.cpp | 2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/Database.cpp b/src/Database.cpp
index 72346c9..5d1d3c6 100644
--- a/src/Database.cpp
+++ b/src/Database.cpp
@@ -906,7 +906,7 @@ void Database::getPlayer(Player* plr, int id) {
 int slot = sqlite3_column_int(stmt, 0);
 
 // for extra safety
- if (slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {
+ if (slot < 0 || slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {
 std::cout << "[WARN] Database: Invalid item slot in db?! " << std::endl;
 continue;
 }
@@ -947,6 +947,10 @@ void Database::getPlayer(Player* plr, int id) {
 while (sqlite3_step(stmt) == SQLITE_ROW) {
 int slot = sqlite3_column_int(stmt, 0);
 
+ // for extra safety
+ if (slot < 0)
+ continue;
+
 sItemBase* item = &plr->QInven[slot];
 item->iType = 8;
 item->iID = sqlite3_column_int(stmt, 1);
@@ -969,7 +973,7 @@ void Database::getPlayer(Player* plr, int id) {
 int id = sqlite3_column_int(stmt, 0);
 
 // for extra safety
- if (id > NANO_COUNT)
+ if (id < 0 || id > NANO_COUNT)
 continue;
 
 sNano* nano = &plr->Nanos[id];
@@ -1877,4 +1881,4 @@ void Database::recordCodeRedemption(int playerId, std::string code) {
 if (sqlite3_step(stmt) != SQLITE_DONE)
 std::cout << "[WARN] Database: recording of code redemption failed: " << sqlite3_errmsg(db) << std::endl;
 sqlite3_finalize(stmt);
-}
\ No newline at end of file
+}
diff --git a/src/NanoManager.cpp b/src/NanoManager.cpp
index 2525c9f..e2a692d 100644
--- a/src/NanoManager.cpp
+++ b/src/NanoManager.cpp
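Review bot: The upper bound in the first Database.cpp hunk (-906) still admits `slot == AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT`; if slots are zero-based indices into arrays of those sizes (the code that maps the slot to an array is not in the hunk), that value is one past the end, so the guard wants `>=`: `if (slot < 0 || slot >= AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {`. The nano hunk at -969 has the same shape, `id > NANO_COUNT` immediately followed by `plr->Nanos[id]`, and it disagrees with NanoManager::addNano in this same patch, which rejects `nanoID >= NANO_COUNT`; if Nanos holds NANO_COUNT elements, `if (id < 0 || id >= NANO_COUNT)` is the matching check, and if the array is deliberately sized NANO_COUNT + 1 a comment on its declaration should say so, because as written the two bounds cannot both be right. Either way the commit message's stated goal, preventing invalid memory access, is not met at the boundary value. getPlayer starts and ends outside these hunks.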
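Review bot: The guard added before `plr->QInven[slot]` in the hunk at -947 only rejects negative slots; a row whose slot is at or beyond the size of QInven still indexes past the array, which is exactly the invalid memory access the commit sets out to prevent. The sibling hunks bound both ends, so this one should too: `if (slot < 0 || slot >= <QInven capacity constant>) continue;`, with the placeholder replaced by whatever constant sizes `QInven` in the Player declaration (not visible here). A `[WARN]` line like the one in the first hunk would also make a corrupted or tampered row visible in the log instead of silently skipped. getPlayer's body continues outside the hunk.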
@@ -240,7 +240,7 @@ void NanoManager::nanoPotionHandler(CNSocket* sock, CNPacketData* data) {
 #pragma region Helper methods
 
 void NanoManager::addNano(CNSocket* sock, int16_t nanoID, int16_t slot, bool spendfm) {
- if (nanoID >= NANO_COUNT)
+ if (nanoID <= 0 || nanoID >= NANO_COUNT)
 return;
 
 Player *plr = PlayerManager::getPlayer(sock);
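Review bot: The guard at the top of addNano bounds `nanoID` but leaves `slot` (also an int16_t supplied by the caller) unchecked in the visible lines; if it indexes the player's nano slot array further down — addNano's body continues past the hunk — it needs the same guard, `if (slot < 0 || slot >= <nano slot count constant>) return;`, with the placeholder replaced by the constant that sizes that array. The rejection is also silent, unlike the `[WARN]` message in the Database.cpp item-slot hunk; where the ID ultimately originates from a client packet, a log line before the `return` makes an out-of-range request visible to operators rather than dropped without trace.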