Originally posted by [b]Paradox924X[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=4022
Function Prototype:
CODE
int pc_skill(struct map_session_data* sd, int id, int level, int flag);
Flag Information:
QUOTE
/*==========================================
 * Grants a player a given skill. Flag values are:
 * 0 - Grant skill unconditionally and forever (only this one invokes status_calc_pc,
 *     as the other two are assumed to be invoked from within it)
 * 1 - Grant an item skill (temporary)
 * 2 - Like 1, except the level granted can stack with previously learned level.
 *------------------------------------------*/
Problematic/Insufficient check:
CODE
if( level > MAX_SKILL_LEVEL ) {
    ShowError("pc_skill: Skill level %d too high. Max lv supported is %d\n", level, MAX_SKILL_LEVEL);
    return 0;
}
This check can be bypassed easily because of the fact that a 'flag' value of 2 will work additively and using a loop or multiple calls with a 'flag' value of 2 will eventually allow a skill to bypass a level of 100 and grow unchecked.
Also, the cases inside of the switch are out of order (case 0 -> case 2 -> case 1 -> default, vs case 0 -> case 1 -> case 2 -> default).
This post has been edited by Paradox924X: Jan 23 2010, 08:10 PM
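
The additive bypass reported above, as an added example that is not part of the original post and is not eAthena's code: a simplified C model of a grant routine that validates only the requested level, next to a variant that validates the level that will actually be stored. `struct skill_slot`, `grant_unchecked`, `grant_checked` and `stack_grants` are hypothetical names, and `MAX_SKILL_LEVEL` is set to 100 as an assumption based on the figure in the post.

```c
#include <stdio.h>

#define MAX_SKILL_LEVEL 100   /* assumed value, taken from the "level of 100" in the post */

/* Hypothetical stand-in for one skill entry in map_session_data. */
struct skill_slot { int lv; };

/* Model of the reported behaviour: only the requested level is checked. */
int grant_unchecked(struct skill_slot *s, int level, int flag)
{
    if (level > MAX_SKILL_LEVEL)
        return 0;
    if (flag == 2)
        s->lv += level;        /* additive path: the resulting sum is never validated */
    else
        s->lv = level;
    return 1;
}

/* Hardened variant: validate the level that will actually be stored. */
int grant_checked(struct skill_slot *s, int level, int flag)
{
    int result;
    if (level > MAX_SKILL_LEVEL)
        return 0;
    result = (flag == 2) ? s->lv + level : level;
    if (result > MAX_SKILL_LEVEL)   /* reject instead of letting the level grow */
        return 0;
    s->lv = result;
    return 1;
}

/* Apply `calls` flag-2 grants of `level` each and return the final stored level. */
int stack_grants(int (*grant)(struct skill_slot *, int, int), int level, int calls)
{
    struct skill_slot s = { 0 };
    int i;
    for (i = 0; i < calls; i++)
        grant(&s, level, 2);
    return s.lv;
}

int main(void)
{
    printf("unchecked: %d\n", stack_grants(grant_unchecked, 60, 3));
    printf("checked:   %d\n", stack_grants(grant_checked, 60, 3));
    return 0;
}
```

Each individual call in the unchecked model passes the per-call check, yet the stored level ends above the cap; the checked variant keeps the first grant and refuses the ones that would exceed it.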