aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rwxr-xr-xsrc/server/game/Entities/Player/Player.cpp23
1 files changed, 16 insertions, 7 deletions
diff --git a/src/server/game/Entities/Player/Player.cpp b/src/server/game/Entities/Player/Player.cpp
index 9b4b8b8251e..4635c8a1aef 100755
--- a/src/server/game/Entities/Player/Player.cpp
+++ b/src/server/game/Entities/Player/Player.cpp
@@ -20521,16 +20521,25 @@ bool Player::BuyItemFromVendorSlot(uint64 vendorguid, uint32 vendorslot, uint32
}
}
- uint32 price = crItem->IsGoldRequired(pProto) ? pProto->BuyPrice * count : 0;
+ uint32 price = 0;
+ if(crItem->IsGoldRequired(pProto))
+ {
+ uint32 maxCount = 0xFFFFFFFF / pProto->BuyPrice; //why price is int32? can be negative?
+ if((uint32)count > maxCount)
+ {
+ sLog->outError("Player %s tried to buy %u item id %u, causing overflow", GetName(), (uint32)count, pProto->ItemId);
+ count = (uint8)maxCount;
+ }
+ price = pProto->BuyPrice * count; //it should not exceed 0xFFFFFFFF
- // reputation discount
- if (price)
+ // reputation discount
price = uint32(floor(price * GetReputationPriceDiscount(pCreature)));
- if (!HasEnoughMoney(price))
- {
- SendBuyError(BUY_ERR_NOT_ENOUGHT_MONEY, pCreature, item, 0);
- return false;
+ if (!HasEnoughMoney(price))
+ {
+ SendBuyError(BUY_ERR_NOT_ENOUGHT_MONEY, pCreature, item, 0);
+ return false;
+ }
}
if ((bag == NULL_BAG && slot == NULL_SLOT) || IsInventoryPos(bag, slot))