Originally posted by [b]Ai4rei[/b]
http://www.eathena.ws/board/index.php?autocom=bugtracker&showbug=561
When the file refine_db.txt doesn't contain enough data, the MapServer crashes without any message. That may occur after:
- Increasing MAX_REFINE in status.h without updating refine_db.txt.
- After updating refine_db.txt and forgetting to define all upgrade chances.
Problem is in status.c in function status_readdb(...):
CODE
[...]
    sprintf(path, "%s/refine_db.txt", db_path);
    fp=fopen(path,"r");
    if(fp==NULL){
        ShowError("can't read %s\n", path);
        return 1;
    }
    i=0;
    while(fgets(line, sizeof(line), fp))
    {
        char *split[MAX_REFINE+4];
        if(line[0]=='/' && line[1]=='/')
            continue;
        if(atoi(line)<=0)
            continue;
        memset(split,0,sizeof(split));
        for(j=0,p=line;j<MAX_REFINE+4 && p;j++){
            split[j]=p;
            p=strchr(p,',');
            if(p) *p++=0;
        }
        refinebonus[i][0]=atoi(split[0]); // refine bonus
        refinebonus[i][1]=atoi(split[1]); // over-refine bonus
        refinebonus[i][2]=atoi(split[2]); // safe refine limit
        for(j=0;j<MAX_REFINE && split[j];j++)
            percentrefinery[i][j]=atoi(split[j+3]); // <-- Here the server crashes, when refine_db.txt doesn't have enough data.
        i++;
    }
    fclose(fp); //Lupus. close this file!!!
    ShowStatus("Done reading '"CL_WHITE"%s"CL_RESET"'.\n",path);
[...]
I guess the mistake is in
CODE
for(j=0;j<MAX_REFINE && split[j];j++)
as it checks for split[j] while split[j+3] is accessed.
This post has been edited by Ai4rei: Dec 7 2007, 09:31 AM
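An added example, not part of the original post or the eAthena source: a stand-alone line parser that tests the same index it reads (split[j+3]) and rejects lines missing the three leading fields, so a short refine_db.txt line can never reach atoi() with a NULL pointer. The function name parse_refine_line, the MAX_REFINE value of 10 and the sample lines are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REFINE 10  /* assumed value for this example */

/* Hypothetical helper, not eAthena code: parses one refine_db.txt line.
 * Returns the number of chance columns found (0..MAX_REFINE), or -1 if the
 * three leading bonus fields are missing. Modifies `line` in place. */
int parse_refine_line(char *line, int bonus[3], int chances[MAX_REFINE])
{
    char *split[MAX_REFINE + 3];
    char *p = line;
    int j, n = 0;

    memset(split, 0, sizeof(split));
    for (j = 0; j < MAX_REFINE + 3 && p; j++) {
        split[j] = p;
        p = strchr(p, ',');
        if (p) *p++ = '\0';
    }
    /* The first three fields are mandatory; never pass NULL to atoi(). */
    if (!split[0] || !split[1] || !split[2])
        return -1;
    for (j = 0; j < 3; j++)
        bonus[j] = atoi(split[j]);

    /* Test the same index that is read: split[j+3], not split[j]. */
    for (j = 0; j < MAX_REFINE && split[j + 3]; j++, n++)
        chances[j] = atoi(split[j + 3]);
    /* Missing columns get a defined value instead of stale memory. */
    for (j = n; j < MAX_REFINE; j++)
        chances[j] = 0;
    return n;
}

int main(void)
{
    /* Constructed sample lines, not taken from a real refine_db.txt. */
    char full[]   = "2,1,7,100,100,100,100,100,100,100,60,40,20";
    char shortl[] = "2,1,7,100,100,100,100";
    char bare[]   = "2";
    int bonus[3], chances[MAX_REFINE];

    printf("full:  %d columns\n", parse_refine_line(full, bonus, chances));
    printf("short: %d columns\n", parse_refine_line(shortl, bonus, chances));
    printf("bare:  %d\n", parse_refine_line(bare, bonus, chances));
    return 0;
}
```

A caller can compare the return value against MAX_REFINE and log a warning naming the file and line when it is smaller, which replaces the silent crash with a diagnosable message.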