Originally posted by theultramage
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=3154
There are several status changes that cause a full status_calc_pc: SC_PROVIDENCE, SC_SIEGFRIED, SC_SERVICE4U, SC_KNOWLEDGE, SC_SPIRIT, SC_ARMOR_ELEMENT, SC_ARMOR_RESIST, SC_SPCOST_RATE, SC_ITEMSCRIPT.
If such a status change is activated inside an item's autoscript() code, then
- skill_additional_effect() calls run_script() on sd->autoscript[i].script
- run_script() calls status_change_start()
- status_change_start() calls status_calc_pc()
- status_calc_pc() erases sd->autoscript[i].script and recreates it later in a different memory location
After this the stack unwinds and, once control returns to run_script(), it will attempt to continue executing the script, reading the instructions from a script_code pointer that now points to deallocated memory. This will trigger a crash.
So far there are no eathena-official items affected. However, custom items might be, and an ep 13.1 item apparently requires SC_SPCOST_RATE inside an autoscript (which was the test case and motivation for this report, by Zephyrus).
This post has been edited by theultramage: May 31 2009, 03:12 AM
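A compact illustration of the hazard described above together with the usual defensive fix, added here as an example and not eAthena's code: the interpreter takes its own reference on the script buffer before executing it, so a status_calc_pc()-style rebuild triggered mid-run can swap the player's pointer but cannot free the buffer that is still being executed. All struct and function names, and the tiny opcode set, are constructed for this example.

```c
/* Added example (not eAthena code): refcounted script buffer so that a
 * recalculation triggered from inside the script cannot free the buffer
 * the interpreter is still reading. Opcodes: 0 = halt, 1 = counter++,
 * 2 = trigger a status_calc_pc()-style rebuild of the autoscript. */
#include <stdlib.h>
#include <string.h>

struct script_code { int refcount; size_t len; unsigned char *ops; };
struct player { struct script_code *autoscript; int counter; int recalcs; };

static struct script_code *script_new(const unsigned char *ops, size_t len) {
    struct script_code *sc = malloc(sizeof *sc);
    sc->refcount = 1;              /* owner's reference (the player struct) */
    sc->len = len;
    sc->ops = malloc(len);
    memcpy(sc->ops, ops, len);
    return sc;
}

static void script_release(struct script_code *sc) {
    if (sc && --sc->refcount == 0) { free(sc->ops); free(sc); }
}

/* Stands in for status_calc_pc(): replaces the player's autoscript with a
 * freshly built one. The old buffer is only freed once nobody runs it. */
static void status_calc_pc(struct player *sd) {
    static const unsigned char fresh[] = { 1, 0 };
    struct script_code *old = sd->autoscript;
    sd->autoscript = script_new(fresh, sizeof fresh);
    sd->recalcs++;
    script_release(old);           /* refcount 2 -> 1 while a run is active */
}

/* Stands in for run_script(): pins the buffer for the whole execution. */
static int run_script(struct player *sd) {
    struct script_code *sc = sd->autoscript;
    sc->refcount++;                /* interpreter's own reference */
    for (size_t pc = 0; pc < sc->len; pc++) {
        unsigned char op = sc->ops[pc];
        if (op == 0) break;
        if (op == 1) sd->counter++;
        if (op == 2) status_calc_pc(sd);  /* swaps sd->autoscript under us */
    }
    script_release(sc);            /* frees the old buffer here if replaced */
    return sd->counter;
}

int demo(void) {
    /* constructed script: add, recalc, add, add, halt */
    static const unsigned char ops[] = { 1, 2, 1, 1, 0 };
    struct player sd = { script_new(ops, sizeof ops), 0, 0 };
    int result = run_script(&sd);  /* reads past the recalc without a UAF */
    script_release(sd.autoscript);
    return result;                 /* 3 */
}
```

Without the interpreter's extra reference, script_release(old) inside status_calc_pc() would free the buffer at the second opcode and the remaining reads would hit freed memory, which is exactly the crash the report describes.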