Crossfire Mailing List Archive
Server crash in /city/anthony/prison
- To: Crossfire List at Real-Time <>
- Subject: Server crash in /city/anthony/prison
- From: Neil Muller <>
- Date: Thu, 15 Jun 2000 17:04:09 +0200
- Reply-To: Neil Muller <>
With the current CVS distribution (and ver 0.95.5) it's possible to crash the
server by talking to the thief in /city/anthony/prison.
The message part of the thief is improperly terminated, causing the server
to leave a dangling pointer where it expects a string. Naturally, bad things
happen.
Attached are two patches. The first fixes the map to be sensible, the second
tries to make the parse_messages function in monster.c a bit more robust
in situations like this and also provides some logging information.
(Unfortunately, we don't have access to the object pointer in parse_message,
so the log messages are somewhat less complete than I would like.) Probably
the logging messages should be wrapped in an if (debug) statement, but
I've not done so.
It is also possible to avoid the crash by changing how nrofkeywords is
calculated, but I feel that would limit the information available for
logging even more.
--
Neil Muller
A Gentleman is someone who knows how to play the bagpipes
and doesn't.
I see no need to concern myself with the medical profession's neurotic
hangups about food.
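The failure mode described above (a keyword line ending in a stray `|`, so the keyword count is one larger than the number of keywords actually stored, leaving an unfilled slot) can be shown in isolation. The following is an added example, not Crossfire's own `parse_message` code: a stand-alone tokenizer for `@match a|b|c` lines with hypothetical names (`count_fields`, `parse_match_line`, `match_line`), where the naive count is kept only to illustrate the mismatch and the parser itself skips and counts empty fields so every slot below `nrofkeywords` holds a valid string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, hypothetical names: a defensive parser for "@match" keyword
 * lines of the form "framed|frame". Not the project's own code. */

#define MAX_KEYWORDS 32

typedef struct {
    char *keywords[MAX_KEYWORDS];
    int nrofkeywords;   /* slots actually filled with a valid string */
    int empty_fields;   /* empty fields seen, e.g. from a trailing '|' */
} match_line;

/* The naive sizing rule: number of '|' separators plus one.
 * For "framed|frame|" this yields 3, although only two keywords exist;
 * a parser that trusts this count leaves the third slot unfilled. */
int count_fields(const char *line) {
    int n = 1;
    for (; *line; line++)
        if (*line == '|') n++;
    return n;
}

/* Tokenize on '|', skipping empty fields instead of storing them.
 * Returns 0 on success, -1 if the line has too many keywords or
 * allocation fails. */
int parse_match_line(const char *line, match_line *out) {
    const char *p = line;
    out->nrofkeywords = 0;
    out->empty_fields = 0;
    for (;;) {
        const char *end = strchr(p, '|');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0) {
            out->empty_fields++;          /* log-worthy, but never stored */
        } else {
            if (out->nrofkeywords >= MAX_KEYWORDS) return -1;
            char *kw = malloc(len + 1);
            if (!kw) return -1;
            memcpy(kw, p, len);
            kw[len] = '\0';
            out->keywords[out->nrofkeywords++] = kw;
        }
        if (!end) break;                  /* last field consumed */
        p = end + 1;
    }
    return 0;
}

void free_match_line(match_line *m) {
    for (int i = 0; i < m->nrofkeywords; i++) free(m->keywords[i]);
    m->nrofkeywords = 0;
}

/* Exact-match lookup over the stored keywords only; the unfilled slot of
 * the naive scheme cannot be reached because nrofkeywords bounds the loop. */
int line_matches(const match_line *m, const char *said) {
    for (int i = 0; i < m->nrofkeywords; i++)
        if (strcmp(m->keywords[i], said) == 0) return 1;
    return 0;
}

/* Single-figure wrappers so each property of a line can be checked directly. */
int keyword_count(const char *line) {
    match_line m;
    if (parse_match_line(line, &m) != 0) return -1;
    int n = m.nrofkeywords;
    free_match_line(&m);
    return n;
}

int empty_field_count(const char *line) {
    match_line m;
    if (parse_match_line(line, &m) != 0) return -1;
    int n = m.empty_fields;
    free_match_line(&m);
    return n;
}

int line_has_keyword(const char *line, const char *said) {
    match_line m;
    if (parse_match_line(line, &m) != 0) return -1;
    int hit = line_matches(&m, said);
    free_match_line(&m);
    return hit;
}

int main(void) {
    const char *bad = "framed|frame|";   /* constructed, mirrors the map line */
    printf("naive count for \"%s\": %d\n", bad, count_fields(bad));
    printf("stored keywords: %d, empty fields: %d\n",
           keyword_count(bad), empty_field_count(bad));
    printf("\"frame\" matches: %d\n", line_has_keyword(bad, "frame"));
    return 0;
}
```

Running it on the constructed line `framed|frame|` shows the naive count of 3 against 2 stored keywords and 1 empty field; the empty-field counter is the place to hang a log line, which is the information the report's second patch is trying to preserve.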
--- maps.orig/city/anthony/prison Sat May 27 04:51:14 2000
+++ maps/city/anthony/prison Thu Jun 15 15:36:48 2000
@@ -598,7 +598,7 @@
@match innocent
I don't know how that lady's purse
ended up in my pocket! I was framed!
-@match framed|frame|
+@match framed|frame
Wise guy ha! Well Phooey to you too.
I want my lawyer.
@match *
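Review bot: dropping the trailing `|` from `@match framed|frame|` removes the empty field that makes the keyword count one larger than the number of keywords the line actually supplies, so this hunk removes the trigger from this map but not the underlying weakness; since any other map with an `@match` line ending in `|` would crash the same way, it would be worth searching the map tree for that pattern, and the server-side guard in the second patch should be treated as the fix that matters.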
--- crossfire/server/monster.c.orig Thu Jun 15 15:37:51 2000
+++ crossfire/server/monster.c Thu Jun 15 16:15:41 2000
@@ -1262,6 +1262,17 @@
*line = '\0';
if (last != line)
msgs->keywords[msgnr][keywordnr++] = strdup_local(last);
+ else {
+ if (keywordnr<nrofkeywords)
+ {
+ msgs->keywords[msgnr][keywordnr++] = strdup_local("xxxx");
+ fprintf (stderr, "Tried to set a zero length message in parse_message\n");
+ if (keywordnr>1)
+ fprintf(stderr, "Msgnr %d, after keyword %s\n",msgnr+1,msgs->keywords[msgnr][keywordnr-2]);
+ else
+ fprintf(stderr, "Msgnr %d, first keyword\n",msgnr+1);
+ }
+ }
last = line + 1;
}
last = cp;
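Review bot: the inner `if (keywordnr<nrofkeywords)` means an empty keyword that arrives when the array is already full is dropped with no log line at all, so the condition this patch is meant to diagnose can still go unreported; move the two `fprintf` calls outside that inner `if` and keep only the `strdup_local("xxxx")` store under it. The placeholder `"xxxx"` is also an ordinary word that a player could type, so the slot can still match; a value that cannot occur in player text, or skipping the slot and decrementing the expected count, would avoid that. Finally, the author's own note applies: these messages belong under the `if (debug)` guard (or whatever logging the server already uses), and the brace and indentation style of the new `else` block does not match the surrounding `if (last != line)`.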