Originally posted by [b]theultramage[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=36
(Originally reported
in this topic)
When a mob dies, it drops items. Each item remembers who has priority to pick it up.
Since dropping them right away doesn't look that good, they are delayed according to certain conditions.
When using delay_battle_damage, there is no extra delay for the items (since the damage delay took care of it), and the items are dropped right away.
When not using the setting, lack of delay is compensated by giving the item drops a delay (of 500ms). Not a precise value, but who cares...
The problem is that the priority 'list' uses direct session_data pointers instead of player ids.
Therefore, an execution sequence where a player kills a mob and logs out faster than 500ms, the memory address that originally contained the session data will be invalid once the code tries to access it, causing a mapserver crash.
How to reproduce:
1. Set 'delay_battle_damage' to
no.
2. Disable ea's memory manager (it doesn't shred deallocated data).
2. Find this line
CODE
add_timer(tick + (!battle_config.delay_battle_damage?500:0), mob_delay_item_drop, (int)dlist, 0);
and change '500' to something that's easier to achieve, like 5000 or 10000.
3. Log in, kill a mob, log out, wait for the crash.