Re: CF: Bug: win32/say cmd & memory leak

To: crossfire@ifi.uio.no
Subject: Re: CF: Bug: win32/say cmd & memory leak
From: Jan Echternach <echter@informatik.uni-rostock.de>
Date: Tue, 23 May 2000 01:36:09 +0200
In-Reply-To: <003c01bfc428$460daae0$33db6686@home.informatik.unibremen.de>; from mtx93@informatik.uni-bremen.de on Mon, May 22, 2000 at 09:59:43PM +0200
Mail-Followup-To: crossfire@ifi.uio.no
References: <003c01bfc428$460daae0$33db6686@home.informatik.unibremen.de>
Reply-To: Jan Echternach <jan.echternach@informatik.uni-rostock.de>
Sender: owner-crossfire@ifi.uio.no

On Mon, May 22, 2000 at 09:59:43PM +0200, Michael Toennies wrote:
> Also in the last CVS release, i can kill the server when i type 200 chars in
> the chat window
> and press the say cmd. If i shout the string, all works fine.

Probably a buffer overflow.

> Also, in the 95.5. i create me a superman ring for map testing, give him all
> immunities and
> protections. that means all including blind but not internal.
> 
> After i try to ID the ring, the server crashes badly (and i make the guy
> next to me crying because
> i kill his 20mb download :).

There are many places where an item desciption is stored in a buffer
smaller than a few thousand characters.  There are also two places in
socket/item.c where a string is sent to the client and the protocol is
limited to 255 characters (this can be worked around by truncating the
string).  I can't make a patch that fixes this because there are too
many conflicts with the apply() cleanup patch.

-- 
Jan
-
[you can put yourself on the announcement list only or unsubscribe altogether
by sending an email stating your wishes to crossfire-request@ifi.uio.no]

References:
- CF: Bug: win32/say cmd & memory leak
  - From: "Michael Toennies" <mtx93@informatik.uni-bremen.de>

Prev by Date: Re: CF: The Archer
Next by Date: Re: CF: Bug: win32/say cmd & memory leak
Prev by thread: CF: Bug: win32/say cmd & memory leak
Next by thread: Re: CF: Bug: win32/say cmd & memory leak
Index(es):
- Date
- Thread