From ecc3e7731cfcf99f0554981419c8e274a4ff3168 Mon Sep 17 00:00:00 2001
From: Gent Semaj
Date: Sat, 23 May 2026 14:52:50 -0700
Subject: [PATCH] Fix checks for trade item register/unregister

---
 src/Trading.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/Trading.cpp b/src/Trading.cpp
index d20184a..1fc38f5 100644
--- a/src/Trading.cpp
+++ b/src/Trading.cpp
@@ -340,6 +340,9 @@ static void tradeConfirmCancel(CNSocket* sock, CNPacketData* data) {
 static void tradeRegisterItem(CNSocket* sock, CNPacketData* data) {
 sP_CL2FE_REQ_PC_TRADE_ITEM_REGISTER* pacdat = (sP_CL2FE_REQ_PC_TRADE_ITEM_REGISTER*)data->buf;

+ if (pacdat->Item.iInvenNum < 0 || pacdat->Item.iInvenNum >= AINVEN_COUNT)
+ return; // inventory bounds check
+
 if (pacdat->Item.iSlotNum < 0 || pacdat->Item.iSlotNum > 4)
 return; // sanity check, there are only 5 trade slots

@@ -353,7 +356,13 @@ static void tradeRegisterItem(CNSocket* sock, CNPacketData* data) {
 return;

 Player* plr = PlayerManager::getPlayer(sock);
+ if (!plr->isTrading)
+ return;
+
 Player* plr2 = PlayerManager::getPlayer(otherSock);
+ if (!plr2->isTrading)
+ return;
+
 plr->Trade[pacdat->Item.iSlotNum] = pacdat->Item;
 plr->isTradeConfirm = false;
 plr2->isTradeConfirm = false;
@@ -397,7 +406,13 @@ static void tradeUnregisterItem(CNSocket* sock, CNPacketData* data) {
 return;

 Player* plr = PlayerManager::getPlayer(sock);
+ if (!plr->isTrading)
+ return;
+
 Player* plr2 = PlayerManager::getPlayer(otherSock);
+ if (!plr2->isTrading)
+ return;
+
 plr->isTradeConfirm = false;
 plr2->isTradeConfirm = false;
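Review bot: The new `iInvenNum` check in tradeRegisterItem only proves the index is in range; nothing visible in this patch compares the client-supplied `pacdat->Item` with what the player actually holds at that inventory index, and the next hunk stores the packet's struct verbatim via `plr->Trade[pacdat->Item.iSlotNum] = pacdat->Item;`. Unless that comparison happens at confirm time (not visible here), the handler should reject the packet when the inventory entry is empty or differs from the packet's item before registering it. The tradeUnregisterItem hunk adds no matching bounds checks, but that function starts outside the hunk, so they may already exist. As a style point, the literal `4` in the neighbouring slot check would read better as a named constant, as the new check does with `AINVEN_COUNT`.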
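Review bot: The two added `isTrading` checks in tradeRegisterItem establish only that each player is in some trade, not that `plr` and `plr2` are in a trade with each other. How `otherSock` is resolved lies outside the hunk; if it is derived from IDs carried in the packet, the handler would still clear `plr2->isTradeConfirm` for a player in an unrelated trade, so it should also compare `plr2` with the partner the server recorded when the trade was opened (if it records one). Both pointers are also dereferenced without a null test; unless getPlayer is guaranteed to return non-null on this path, prefer `if (plr == nullptr || !plr->isTrading) return;` and the same for `plr2`. Both points apply equally to the tradeUnregisterItem hunk, and both function bodies start and end outside their hunks.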