Issue information

Issue ID: #4423
Status: Fixed
Severity: None
Started: Hercules Elf Bot, Sep 6, 2010 13:57
Last Post: Hercules Elf Bot, Sep 6, 2010 13:57
Confirmation: N/A

Hercules Elf Bot - Sep 6, 2010 13:57

Originally posted by nevelis
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=4423

In npc.c, in npc_parsesrcfile():

CODE
        if( strcmp(w1,"-") !=0 && strcasecmp(w1,"function") != 0 )
        {// w1 = <map name>,<x>,<y>,<facing>
            char mapname[2048];
            sscanf(w1,"%[^,]",mapname);
            if( !mapindex_name2id(mapname) )
            {// Incorrect map, we must skip the script info...
                ShowError("npc_parsesrcfile: Unknown map '%s' in file '%s', line '%d'. Skipping line...\n", mapname, filepath, strline(buffer,p-buffer));
                if( strcasecmp(w2,"script") == 0 && count > 3 )
                    p = npc_skip_script(p,buffer,filepath);
                p = strchr(p,'\n');// next line
                continue;
            }
            m = map_mapname2mapid(mapname);
            if( m < 0 )
            {// "mapname" is not assigned to this server, we must skip the script info...
                if( strcasecmp(w2,"script") == 0 && count > 3 )
                    p = npc_skip_script(p,buffer,filepath);
                p = strchr(p,'\n');// next line
                continue;
            }
        }


If the map doesn't exist or isn't assigned to the current mapserver, AND the script has mismatched parentheses, the server crashes on "p = strchr(p, '\n');// next line".

Test case:

CODE
nonexistant,100,100,0    script    mapcrash    -1,{
    end;


Fix:


CODE
        if( strcmp(w1,"-") !=0 && strcasecmp(w1,"function") != 0 )
        {// w1 = <map name>,<x>,<y>,<facing>
            char mapname[2048];
            sscanf(w1,"%[^,]",mapname);
            if( !mapindex_name2id(mapname) )
            {// Incorrect map, we must skip the script info...
                ShowError("npc_parsesrcfile: Unknown map '%s' in file '%s', line '%d'. Skipping line...\n", mapname, filepath, strline(buffer,p-buffer));
                if( strcasecmp(w2,"script") == 0 && count > 3 )
                {
                    p = npc_skip_script(p,buffer,filepath);
                    if(!p) break;
                }
                p = strchr(p,'\n');// next line
                continue;
            }
            m = map_mapname2mapid(mapname);
            if( m < 0 )
            {// "mapname" is not assigned to this server, we must skip the script info...
                if( strcasecmp(w2,"script") == 0 && count > 3 )
                {
                    p = npc_skip_script(p,buffer,filepath);
                    if(!p) break;
                }
                p = strchr(p,'\n');// next line
                continue;
            }
        }


EDIT: Looks like this got introduced before the revision I have mentioned; I will keep looking.

Edit 2: http://code.google.com/p/eathena-project/s...k/src/map/npc.c


This post has been edited by nevelis: Sep 6 2010, 07:05 AM
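
The guard from the fix, reduced to a stand-alone sketch (an added example, not part of the original post and not eAthena code). `skip_block()` and `skip_all_entries()` are hypothetical stand-ins, assuming, as the `if(!p) break;` in the fix implies, that the skip routine returns NULL when the braces never balance.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for npc_skip_script(): returns a pointer just past
 * the matching '}', or NULL when the braces never balance. */
static const char *skip_block(const char *p)
{
    int depth = 0;
    p = strchr(p, '{');
    if (p == NULL)
        return NULL;
    for (; *p != '\0'; ++p) {
        if (*p == '{')
            ++depth;
        else if (*p == '}' && --depth == 0)
            return p + 1;
    }
    return NULL; /* ran off the end of the buffer: unbalanced */
}

/* Skips every entry in buf. Returns the number of entries skipped,
 * or -1 when an unbalanced block forces the parse to stop. */
int skip_all_entries(const char *buf)
{
    int skipped = 0;
    const char *p = buf;

    while (p != NULL && *p != '\0') {
        if (*p == '\n') {       /* step over the line break */
            ++p;
            continue;
        }
        p = skip_block(p);
        if (p == NULL)
            return -1;          /* the guard: never pass NULL to strchr() */
        ++skipped;
        p = strchr(p, '\n');    /* next line; NULL at end of buffer ends the loop */
    }
    return skipped;
}

int main(void)
{
    /* Constructed input modelled on the test case in the post. */
    const char *bad = "nonexistant,100,100,0\tscript\tmapcrash\t-1,{\n\tend;\n";
    return skip_all_entries(bad) == -1 ? 0 : 1;
}
```

Removing the `if (p == NULL) return -1;` check reproduces the pattern in the unfixed code: the NULL from the skip routine goes straight into `strchr()`.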