# HG changeset patch # User Darkvater # Date 1138301104 0 # Node ID 4f2bae38f077fdca936743eed51a78e2af9fd163 # Parent 69a3fba739d6232ae71388879bd5cea2f6760555 (svn r3446) - Fix: incorrect validating of tree-planting command which can allow a buffer-overflow (Tron) diff --git a/tree_cmd.c b/tree_cmd.c --- a/tree_cmd.c +++ b/tree_cmd.c @@ -139,7 +139,7 @@ int32 cost; int sx, sy, x, y; - if (p2 > MapSize()) return CMD_ERROR; + if (p2 >= MapSize()) return CMD_ERROR; /* Check the tree type. It can be random or some valid value within the current climate */ if (p1 != (uint)-1 && p1 - _tree_base_by_landscape[_opt.landscape] >= _tree_count_by_landscape[_opt.landscape]) return CMD_ERROR;