From cc9aa35050fe4e1e796288327a03b08e5943dbe2 Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sun, 2 Nov 2025 10:52:50 +0100
Subject: Added overflow checks

---
 FICS/playerdb.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'FICS')

diff --git a/FICS/playerdb.c b/FICS/playerdb.c
index 2b8ef04..21fc66d 100644
--- a/FICS/playerdb.c
+++ b/FICS/playerdb.c
@@ -2072,6 +2072,11 @@ player_decline_offers(int p, int p1, int offerType)
 	}
 
 	while ((offer = player_find_pendfrom(p, p1, offerType)) >= 0) {
+		if (offer >= (int)ARRAY_SIZE(parray[0].p_from_list)) {
+			warnx("%s: 'offer' too large", __func__);
+			break;
+		}
+
 		type	= parray[p].p_from_list[offer].type;
 		p2	= parray[p].p_from_list[offer].whofrom;
 		p2Name	= parray[p2].name;
@@ -2185,6 +2190,11 @@ player_withdraw_offers(int p, int p1, int offerType)
 	}
 
 	while ((offer = player_find_pendto(p, p1, offerType)) >= 0) {
+		if (offer >= (int)ARRAY_SIZE(parray[0].p_to_list)) {
+			warnx("%s: 'offer' too large", __func__);
+			break;
+		}
+
 		type	= parray[p].p_to_list[offer].type;
 		p2	= parray[p].p_to_list[offer].whoto;
 		p2Name	= parray[p2].name;
-- 
cgit v1.2.3