Open
Conversation
Owner
Author
|
To reproduce the bug do the following: go to bug trio boss, .die them, rigth click one of the bugs that spawn from yauj so that you attack-animation them, and wait for them to despawn |
Owner
Author
|
This was not reproducable when built with GCC and ran on linux. It does happen when build with msvc14 on windows |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I found, I believe, a very scary bug.
https://github.com/elysium-project/server/blob/development/src/shared/ByteBuffer.h#L402
On a call to SendMeleeAttackStop() from map update, I am assuming because I was targetting a temprary creature spawn that despawned as as it happened (i have reproduced this multiple times btw), buffer.wpos() returned 8, while buffer.size() is 0. Thus, when buffer.contents() try to run return &_storage[0]; a crash happens.(edited)
I attempted to replace buffer.wpos() with buffer.size(), and I am no longer able to reproduce the bug, but this is really old code from what I can find, so it strikes me as odd that i's always been buffer.wpos(), and noone has noticed or done anything about it
is anyone more familiar with the ByteBuffer class able to see if .size() is a valid replacement for .wpos()? It seems much safer to me. I assume the idea is that wpos should always be safe to use, but wpos can be changed a ton of places so its hard to imagine it can't fail (as it did for me now)