memory bugs fixed

git-svn-id: https://svn.code.sf.net/p/rathena/svn/branches/stable@1278 54d463be-8e91-2dee-dedb-b68131a5f0ec

Changelog-SVN.txt

@@ -1,6 +1,16 @@
 Date	Added
 
 03/23
+        * Fixed possible memory corruption in storage if number of guilds
+          in database exceeds the max server can support [1278 : MouseJstr]
+        * Fixed @mapexit to properly flush the fifo's before shutting
+          server down to help insure all the char data is properly flushed
+          [1278: MouseJstr]
+        * Fixed trade exploit/crash from invalid data being sent
+          [1278: MouseJstr]
+        * Possible use of uninitialized data used during mob walk 
+          calculation resulting in radical mob movement or crash
+          [1278: MouseJstr]
 	* Fixed some --addrace variables' sizes [celest]
 	* Added' require_glory_guild' - sets whether changing guild emblems require
 	  the Glory of Guild skill [celest]

src/char_sql/int_storage.c

@@ -146,6 +146,8 @@ int guild_storage_fromsql(int guild_id, struct guild_storage *p){
 			p->storage[i].card[2]= atoi(sql_row[9]);
 			p->storage[i].card[3]= atoi(sql_row[10]);
 			p->storage_amount = ++i;
+			if (i >= MAX_GUILD_STORAGE)
+				break;
 		}
 		mysql_free_result(sql_res);
 	}

src/map/atcommand.c

@@ -5195,6 +5195,8 @@ int atcommand_mapexit(
 		}
 	}
 	clif_GM_kick(sd, sd, 0);
+	
+	flush_fifos();
 
 	runflag = 0;
 

src/map/battle.c

@@ -2291,8 +2291,42 @@ static struct Damage battle_calc_pc_weapon_attack(
 			case ASC_BREAKER:		// -- moonsoul (special damage for ASC_BREAKER skill)
 				if(sd){
 					// calculate physical part of damage
+#ifndef TWILIGHT
 					damage = damage * skill_lv;
 					damage2 = damage2 * skill_lv;
+#else /* TWILIGHT */
+					damage = damage * skill_lv * 0.5; //Halved by Krel
+					damage2 = damage2 * skill_lv * 0.5; //Halved by Krel
+					// element modifier added right after this
+
+					// calculate magic part of damage
+					damage3 = skill_lv * status_get_int(src) * 5 * 0.5; //Krel
+					// ignores magic defense now [Celest]
+					/*if(sd->ignore_mdef_ele & (1<<t_ele) || sd->ignore_mdef_race & (1<<t_race))
+						imdef_flag = 1;
+					if(t_mode & 0x20) {
+						if(sd->ignore_mdef_race & (1<<10))
+							imdef_flag = 1;
+					}
+					else {
+						if(sd->ignore_mdef_race & (1<<11))
+							imdef_flag = 1;
+					}
+					if(!imdef_flag){
+						if(battle_config.magic_defense_type) {
+							damage3 = damage3 - (mdef1 * battle_config.magic_defense_type) - mdef2;
+						}
+						else{
+							damage3 = (damage3*(100-mdef1))/100 - mdef2;
+						}
+					}
+
+					if(damage3<1)
+						damage3=1;
+
+					damage3=battle_attr_fix(damage2,s_ele_, status_get_element(target) );*/
+
+#endif /* TWILIGHT */
 					flag=(flag&~BF_RANGEMASK)|BF_LONG;
 				}
 				break;

src/map/mob.c

@@ -815,8 +815,12 @@ static int mob_walktoxy_sub(struct mob_data *md)
 
 	nullpo_retr(0, md);
 
+	memset(&wpd, 0, sizeof(wpd));
+
 	if(path_search(&wpd,md->bl.m,md->bl.x,md->bl.y,md->to_x,md->to_y,md->state.walk_easy))
 		return 1;
+	if (wpd.path[0] >= 8)
+		return 1;	
 	x = md->bl.x+dirx[wpd.path[0]];
 	y = md->bl.y+diry[wpd.path[0]];
 	if (map_getcell(md->bl.m,x,y,CELL_CHKBASILICA) && !(status_get_mode(&md->bl)&0x20)) {

src/map/status.c

@@ -3124,7 +3124,11 @@ int status_change_start(struct block_list *bl,int type,int val1,int val2,int val
 		case SC_ENDURE:				/* ƒCƒ“ƒfƒ…ƒA */
 			if(tick <= 0) tick = 1000 * 60;
 			calc_flag = 1; // for updating mdef
+#ifdef TWILIGHT
+			val2 = 40; // [Celest]
+#else
 			val2 = 7; // [Celest]
+#endif
 			break;
 		case SC_AUTOBERSERK:
 			{

src/map/trade.c

@@ -220,8 +220,9 @@ void trade_tradeok(struct map_session_data *sd) {
 
 	// check items
 	for(trade_i = 0; trade_i < 10; trade_i++) {
-		if (sd->deal_item_amount[trade_i] > sd->status.inventory[sd->deal_item_index[trade_i]-2].amount ||
-		    sd->deal_item_amount[trade_i] < 0) {
+		if (((sd->deal_item_index[trade_i]-2) < 0) ||
+		    (sd->deal_item_amount[trade_i] > sd->status.inventory[sd->deal_item_index[trade_i]-2].amount) ||
+		    (sd->deal_item_amount[trade_i] < 0)) {
 			trade_tradecancel(sd);
 			return;
 		}