Hercules Elf Bot - Aug 3, 2012 12:36
Originally posted by [b]Napster[/b]
I have test this script
[color=#ff0000][b]Not pass[/b][/color]
[CODE]
morocc,120,120,5 script Menu 69,{
for (set .@i, 0; .@i < 100; set .@i, .@i +1)
set .@menu$, .@menu$+"- TEST Menu No. ^FF0000" + .@i +"^000000:";
set .@index, select(.@menu$ +"- Exit") -1;
end;
}
[/CODE]
[color=#008000][b]Pass[/b][/color]
[CODE]
morocc,120,120,5 script Menu 69,{
for (set .@i, 0; .@i < 100; set .@i, .@i +1)
set .@menu$, .@menu$+"- Menu No. " + .@i +":";
set .@index, select(.@menu$ +"- Exit") -1;
end;
}
[/CODE]
I find it a problem that client crash.
I think the problem is likely due to two reasons.
1. Client limit.
2. Script limit.
But I'm still not sure, might be from other causes.
Please check it Thankyou
Hercules Elf Bot - Aug 3, 2012 12:51
Originally posted by [b]Ind[/b]
the client crashes?
Hercules Elf Bot - Aug 3, 2012 12:58
Originally posted by [b]Napster[/b]
yes sir client crash
Hercules Elf Bot - Aug 3, 2012 13:05
Originally posted by [b]Ind[/b]
the final menu string ends up being too long i guess o-o the server can't split it, we can't really fix that
Hercules Elf Bot - Aug 3, 2012 13:10
Originally posted by [b]Vianna[/b]
Kind of confirmed to be a client bug.
[code]void __thiscall CGameMode::Zc_Menu_List(CGameMode *this, const char *buf)
{
unsigned int length; // eax@1
UIFrameWnd *v3; // esi@1
char *i; // eax@1
char dialogSay[2048]; // [sp+Ch] [bp-800h]@1
HIWORD(length) = 0;
this->m_isOnQuest = 1;
LOWORD(length) = *((WORD *)buf + 1);
length -= 8;
memcpy(dialogSay, buf + 8, length);
dialogSay[length] = 0;
...
}[/code]
As you can see, it doesn't cap the length to the maximum of 2047 characters (+ null terminating), so the buffer overflows.
The final string in the first script has 3296 bytes, and in the second one it has 1296 bytes, so it doesn't crash.
If it exceeds 2047 characters, the server could cap the string and throw a warning.
This post has been edited by
Vianna
on Aug 3, 2012 13:15
Hercules Elf Bot - Aug 3, 2012 14:16
Originally posted by [b]Brynner[/b]
this is not [url="http://rathena.org/board/forum/19-client-patcher-support/"]Client & Patcher Support[/url] this is a [url="http://rathena.org/board/forum/12-rathena-bug-tracker/"]Bug Tracker[/url]. better to post it to [url="http://rathena.org/board/forum/19-client-patcher-support/"]Client & Patcher Support[/url].
if you got a question regarding on a script you should post it to [url="http://rathena.org/board/forum/30-scripting-support/"]Scripting Support[/url]
This post has been edited by
Brynner
on Aug 3, 2012 14:18
Hercules Elf Bot - Aug 3, 2012 14:32
Originally posted by [b]Ind[/b]
hum perhaps we could drop the packet when it gets beyond the supported length and throw a warning in the console to refrain the client from crashing .-. mmm
[hr]
[quote name='Brynner' timestamp='1344003414' post='12931']
this is not [url="http://rathena.org/board/forum/19-client-patcher-support/"]Client & Patcher Support[/url] this is a [url="http://rathena.org/board/forum/12-rathena-bug-tracker/"]Bug Tracker[/url]. better to post it to [url="http://rathena.org/board/forum/19-client-patcher-support/"]Client & Patcher Support[/url].if you got a question regarding on a script you should post it to [url="http://rathena.org/board/forum/30-scripting-support/"]Scripting Support[/url]
[/quote]
you're wrong. may i remind you, you're not part of the moderation team and it does not please me to see you going around the bug tracker posting stuff like that.
This post has been edited by
Ind
on Aug 3, 2012 14:32
Hercules Elf Bot - Aug 3, 2012 14:34
Originally posted by [b]Syouji[/b]
I think this issue fits more with Bug Tracking. Napster was trying to confirm whether or not there was a bug with parsing a script and its limitations. His question wasn't pointed towards how to script something, rather his intentions was to discuss the possibility of a client or script reading limitation. Vianna was able to confirm that is error is possibly a client bug
This post has been edited by
Syouji
on Aug 3, 2012 14:36
Hercules Elf Bot - Aug 3, 2012 14:37
Originally posted by [b]malufett[/b]
[quote]hum perhaps we could drop the packet when it gets beyond the supported length and throw a warning in the console to refrain the client from crashing .-. mmm[/quote]
agree..
Hercules Elf Bot - Aug 3, 2012 15:32
Originally posted by [b]close23[/b]
[quote name='Napster' timestamp='1343997383' post='12915']
I have test this script[color=#ff0000][b]Not pass[/b][/color][CODE]morocc,120,120,5 script Menu 69,{for (set .@i, 0; .@i < 100; set .@i, .@i +1) set .@menu$, .@menu$+"- TEST Menu No. ^FF0000" + .@i +"^000000:";set .@index, select(.@menu$ +"- Exit") -1;end;}[/CODE][color=#008000][b]Pass[/b][/color][CODE]morocc,120,120,5 script Menu 69,{for (set .@i, 0; .@i < 100; set .@i, .@i +1) set .@menu$, .@menu$+"- Menu No. " + .@i +":";set .@index, select(.@menu$ +"- Exit") -1;end;}[/CODE]I find it a problem that client crash.I think the problem is likely due to two reasons.1. Client limit.2. Script limit.But I'm still not sure, might be from other causes.Please check it Thankyou
[/quote]
is this a custom script or a default script of rathena files?
Hercules Elf Bot - Aug 3, 2012 15:39
Originally posted by [b]Ind[/b]
Fixed in [rev=16568]
Hercules Elf Bot - Aug 3, 2012 16:00
Originally posted by [b]close23[/b]
nice you fixed this more easily i hope you fix also the brandish spear problem on rune knight.
Hercules Elf Bot - Aug 3, 2012 17:17
Originally posted by [b]Napster[/b]
Thanks for fix
It is possible. We can add
Max Number of characters to hex client?
Hercules Elf Bot - Aug 3, 2012 17:26
Originally posted by [b]Vianna[/b]
Same thing happens to ZC_SAY_DIALOG (mes), although it's unlikely that anyone would use strings this large in a single mes call.
[code]void __thiscall CGameMode::Zc_Say_Dialog(CGameMode *this, const char *buf)
{
int v2; // ebx@1
unsigned int length; // ebx@1
int v4; // eax@2
UIFrameWnd *v5; // eax@4
char dialogSay[2051]; // [sp+Ch] [bp-804h]@2
this->m_isOnQuest = 1;
HIWORD(v2) = 0;
this->m_lastNaid = *((_DWORD *)buf + 1);
LOWORD(v2) = *((_WORD *)buf + 1);
length = v2 - 8;
if ( g_serviceType == 10 )
{
v4 = GetCharsetFromLang(0x1Fu);
sprintf(dialogSay, "|%02x", v4);
memcpy(&dialogSay[3], buf + 8, length);
dialogSay[length + 3] = 0;
}
else
{
memcpy(dialogSay, buf + 8, length);
dialogSay[length] = 0;
}
...
}[/code]
[hr]
[quote name='Napster' timestamp='1344014262' post='12948']
Thanks for fixIt is possible. We can addMax Number of characters to hex client?
[/quote]
Yes. I can hex it for you, send me a PM.
This post has been edited by
Vianna
on Aug 3, 2012 17:44