[CF-Devel] Client crash, money quantity

crossfire-devel at archives.real-time.com crossfire-devel at archives.real-time.com
Sun Jul 18 23:00:08 CDT 2004 

Nicolas Weeger wrote:
>
     
      Hello.
     
     >
     
     
     >
     
      This morning, a player converted 500M plat to gold, using the converters.
     
     >
     
     
     >
     
      The result was a *negative* gold coin count.
     
     >
     
      This is bad in itself, and also would crash the client right away when 
     
     >
     
      stepping on the pile :)
     
     >
     
      Extract from the evil function: (in common/item.c)
     
     >
     
     
     >
     
      char *get_number(int i) {
     
     >
     
      static char numbers[21][20] = {
     
     >
     
     
     >
     
      "no","a","two","three","four","five","six","seven","eight","nine","ten",
     
     >
     
     
     >
     
      "eleven","twelve","thirteen","fourteen","fifteen","sixteen","seventeen",
     
     >
     
        "eighteen","nineteen","twenty"
     
     >
     
      };
     
     >
     
     
     >
     
     
     >
     
        if(i<=20)
     
     >
     
          return numbers[i];
     
     >
     
     
     >
     
      Obviously, with a *negative* i, it gives weird results, and the sprintf 
     
     >
     
      using the result has, err, some issues ;p
     
     >
     
     
     >
     
      Client itself isn't too hard to fix. But what'd need fixing is the 
     
     >
     
      server code, too :)
     
     >
     
      Maybe in the plugin part?
     
     
  Taking a quick look, what I see is that the client uses 'sint32' for the nrof 
field, and the server uses 'uint32'.

  So the overflow will causes issues for the player (basically, losing some 
amount of gold) but otherwise shouldn't cause any issues.  Other than going to a 
64 bit type for nrof, there is no real fix (well, one could add code in to check 
for overflows here and there, but there are potentially lots of places this 
could happen).  bigger issue is how a player gets 500 million in platinum, but 
we've had that discussion before.

  The fix for the client is to probably change it to also use uint32.  Taking a 
very quick look at the client, I don't see any cases where it needs to be a 
negative values (my thought was that there could be a case where it might do 
something like that to note the object is cleared or special meaning, but that 
doesn't appear to be the case).


_______________________________________________
crossfire-devel mailing list
     
     crossfire-devel at lists.real-time.com
     
     
     https://mailman.real-time.com/mailman/listinfo/crossfire-devel

More information about the crossfire mailing list