Map Crash - Party

Originally posted by [b]Siberian[/b]
pc.c
[CODE]
/**
* Checks if player has a permission
* @param sd Player map session data
* @param permission permission to check
*/
bool pc_has_permission(struct map_session_data *sd, int permission)
{
return pc_group_has_permission(pc_get_group_id(sd), permission);
} <<<--- Line 8410
[/CODE]


core.c

[CODE]
{// Main runtime cycle
int next;
while (runflag != CORE_ST_STOP) {
next = do_timer(gettick_nocache());
do_sockets(next); <<<--- Line 303
[/CODE]

Originally posted by [b]Wildcard[/b]
[quote]warning: Source file is more recent than executable.[/quote]
Please re-run the backtrace with the source matching the executable.
Packet 2050 = 0x802 = CZ_PARTY_BOOKING_REQ_REGISTER does not call party_invite, and the length (26) does not match the official rAthena parse code, or packet_db (18), which suggests you are either using custom code, or using more a more recent packet_db than the one ships with rA, and thus a client that is not really supported.

Originally posted by [b]Gepard[/b]
Bug introduced in [rev=15763].

Originally posted by [b]Daegaladh[/b]
That's why I checked for tsd isn't null on my fix:
[url="http://rathena.org/board/tracker/issue-4863-exploits-that-let-you-know-if-a-player-or-gm-is-on/"]http://rathena.org/board/tracker/issue-4863-exploits-that-let-you-know-if-a-player-or-gm-is-on/[/url]

[quote name='Daegaladh' timestamp='1331767357' post='7579']
[quote name='Ind' timestamp='1323183258' post='5153']exploit 2: the fix you provided will crash if the tsd is not known; I'm not sure what'd be the best alternative (as checking for the tsd would just keep the exploit), always reply with no tsd name?exploit 3: the fix you provided will crash if the friend (f_sd) is not found, again i'm not sure what'd be the best workaround for this -- in both cases you can actually send a pm to the nick and find out, so i'm not sure this is actually an issue -- how does it work in officials btw?[/quote]Sorry, I've just realized of this report XD (I'm the author of the original one)And yep, I know about the crash, and this is what I did:Exploit 2:[CODEBOX] nullpo_ret(sd); if( ( p = party_search(sd->status.party_id) ) == NULL ) return 0;++ //Only leader can invite.+ ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);+ if (i == MAX_PARTY || !p->party.member[i].leader)+ { //TODO: Find the correct reply packet.+ clif_displaymessage(sd->fd, msg_txt(282));+ return 0;+ }++ if( tsd != NULL) { //TODO: Find the correct reply packet.+ for(i=0;i<MAX_PARTY;i++){+ if(p->party.member[i].account_id == 0) //Room for a new member.+ flag = 1;+ /* By default Aegis BLOCKS more than one char from the same account on a party.+ * But eA does support it... so this check is left commented.+ if(p->party.member[i].account_id==tsd->status.account_id)+ {+ clif_party_inviteack(sd,tsd->status.name,4);+ return 0;+ }+ */+ }+ if (tsd != NULL && !flag) { //Full party.+ clif_party_inviteack(sd,tsd->status.name,3);+ return 0;+ }+ } if( tsd == NULL) { clif_party_inviteack(sd, "", 7); return 0;@@ -352,14 +380,6 @@ return 0; } - //Only leader can invite.- ARR_FIND(0, MAX_PARTY, i, p->data[i].sd == sd);- if (i == MAX_PARTY || !p->party.member[i].leader)- { //TODO: Find the correct reply packet.- clif_displaymessage(sd->fd, msg_txt(282));- return 0;- }- if(!battle_config.invite_request_check) { if (tsd->guild_invite>0 || tsd->trade_partner || tsd->adopt_invite) { clif_party_inviteack(sd,tsd->status.name,0);@@ -377,23 +397,7 @@ clif_party_inviteack(sd,tsd->status.name,0); return 0; }- for(i=0;i<MAX_PARTY;i++){- if(p->party.member[i].account_id == 0) //Room for a new member.- flag = 1;- /* By default Aegis BLOCKS more than one char from the same account on a party.- * But eA does support it... so this check is left commented.- if(p->party.member[i].account_id==tsd->status.account_id)- {- clif_party_inviteack(sd,tsd->status.name,4);- return 0;- }- */- }- if (!flag) { //Full party.- clif_party_inviteack(sd,tsd->status.name,3);- return 0;- }-+ tsd->party_invite=sd->status.party_id; tsd->party_invite_account=sd->status.account_id;[/CODEBOX]Exploit 3:[CODEBOX] f_sd = map_nick2sd((char*)RFIFOP(fd,2)); // Friend doesn't exist (no player with this name)+ if (f_sd != NULL) {+ // Friend already exists+ for (i = 0; i < MAX_FRIENDS && sd->status.friends[i].char_id != 0; i++) {+ if (sd->status.friends[i].char_id == f_sd->status.char_id) {+ clif_displaymessage(fd, "Friend already exists.");+ return;+ }+ }++ if (f_sd != NULL && i == MAX_FRIENDS) {+ //No space, list full.+ clif_friendslist_reqack(sd, f_sd, 2);+ return;+ }+ } if (f_sd == NULL) { clif_displaymessage(fd, msg_txt(3)); return;@@ -12171,20 +12245,6 @@ return; }- // Friend already exists- for (i = 0; i < MAX_FRIENDS && sd->status.friends[i].char_id != 0; i++) {- if (sd->status.friends[i].char_id == f_sd->status.char_id) {- clif_displaymessage(fd, "Friend already exists.");- return;- }- }-- if (i == MAX_FRIENDS) {- //No space, list full.- clif_friendslist_reqack(sd, f_sd, 2);- return;- }- f_fd = f_sd->fd; WFIFOHEAD(f_fd,packet_len(0x207)); WFIFOW(f_fd,0) = 0x207;[/CODEBOX]
[/quote]

Originally posted by [b]Epoque[/b]
Apologies, I forgot to add an extra check for the state of tsd. Fixed in [rev='15791'].

Originally posted by [b]Siberian[/b]
Thanks guys.