Improve DB and Nano sanity checks

I'm aware that the DB checks still allow ID 0 items and Nanos, but the
point of those is primarily to prevent invalid memory access.
dongresource 2021-01-27 02:27:08 +01:00
parent 04a17ed862
commit 217168fe50
2 changed files with 8 additions and 4 deletions


@ -906,7 +906,7 @@ void Database::getPlayer(Player* plr, int id) {
int slot = sqlite3_column_int(stmt, 0); int slot = sqlite3_column_int(stmt, 0);
// for extra safety // for extra safety
if (slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) { if (slot < 0 || slot > AEQUIP_COUNT + AINVEN_COUNT + ABANK_COUNT) {
std::cout << "[WARN] Database: Invalid item slot in db?! " << std::endl; std::cout << "[WARN] Database: Invalid item slot in db?! " << std::endl;
continue; continue;
} }
@ -947,6 +947,10 @@ void Database::getPlayer(Player* plr, int id) {
while (sqlite3_step(stmt) == SQLITE_ROW) { while (sqlite3_step(stmt) == SQLITE_ROW) {
int slot = sqlite3_column_int(stmt, 0); int slot = sqlite3_column_int(stmt, 0);
// for extra safety
if (slot < 0)
continue;
sItemBase* item = &plr->QInven[slot]; sItemBase* item = &plr->QInven[slot];
item->iType = 8; item->iType = 8;
item->iID = sqlite3_column_int(stmt, 1); item->iID = sqlite3_column_int(stmt, 1);
@ -969,7 +973,7 @@ void Database::getPlayer(Player* plr, int id) {
int id = sqlite3_column_int(stmt, 0); int id = sqlite3_column_int(stmt, 0);
// for extra safety // for extra safety
if (id > NANO_COUNT) if (id < 0 || id > NANO_COUNT)
continue; continue;
sNano* nano = &plr->Nanos[id]; sNano* nano = &plr->Nanos[id];
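Review bot: The upper bounds on the row-supplied indices in `Database::getPlayer` are still loose, which matters because the commit's stated aim is to stop database rows from causing invalid memory access. In the quest-item loop the added `if (slot < 0)` guard leaves `plr->QInven[slot]` with no upper limit, so it should also reject any slot at or above the declared length of `QInven`. In the nano loop `id > NANO_COUNT` still admits `id == NANO_COUNT` before `plr->Nanos[id]`, while `addNano` in the other changed file rejects `nanoID >= NANO_COUNT`; if `Nanos` holds `NANO_COUNT` entries the check should read `if (id < 0 || id >= NANO_COUNT)`. The item-slot check in the first hunk compares with `>` against the summed counts in the same way and probably wants `>=`, though the code that indexes with that slot lies outside the hunk.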


@ -240,7 +240,7 @@ void NanoManager::nanoPotionHandler(CNSocket* sock, CNPacketData* data) {
#pragma region Helper methods #pragma region Helper methods
void NanoManager::addNano(CNSocket* sock, int16_t nanoID, int16_t slot, bool spendfm) { void NanoManager::addNano(CNSocket* sock, int16_t nanoID, int16_t slot, bool spendfm) {
if (nanoID >= NANO_COUNT) if (nanoID <= 0 || nanoID >= NANO_COUNT)
return; return;
Player *plr = PlayerManager::getPlayer(sock); Player *plr = PlayerManager::getPlayer(sock);