From da48ba6d13262ffd3262239eb6f1d75b468bac90 Mon Sep 17 00:00:00 2001
From: Markus Armbruster <armbru@pond.sub.org>
Date: Thu, 31 Dec 2009 11:27:48 +0100
Subject: [PATCH] Fix sloppy sanity check for mobility going negative in
 transport

Assignment to sct_mobil was vulnerable to integer underflow.  Should
not happen, as move_ground() never returns a cost exceeding available
mobility.
---
 src/lib/commands/tran.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/lib/commands/tran.c b/src/lib/commands/tran.c
index cbb27bc1b..a3335ed50 100644
--- a/src/lib/commands/tran.c
+++ b/src/lib/commands/tran.c
@@ -134,8 +134,9 @@ tran_nuke(void)
     else
 	pr("No mobility used\n");
     getsect(srcx, srcy, &sect);
-    sect.sct_mobil -= mcost;
-    if (sect.sct_mobil < 0)
+    if (sect.sct_mobil >= mcost)
+	sect.sct_mobil -= mcost;
+    else
 	sect.sct_mobil = 0;
     putsect(&sect);
     return RET_OK;
@@ -229,8 +230,9 @@ tran_plane(void)
     else
 	pr("No mobility used\n");
     getsect(srcx, srcy, &sect);
-    sect.sct_mobil -= mcost;
-    if (sect.sct_mobil < 0)
+    if (sect.sct_mobil >= mcost)
+	sect.sct_mobil -= mcost;
+    else
 	sect.sct_mobil = 0;
     putsect(&sect);
     return RET_OK;
-- 
2.43.0