➜ Force an overflow error?
It is now over 60 days since the last post. This thread is closed.
Posted by Zeno, USA (2,871 posts)
Date: Sat 04 Feb 2006 06:11 PM (UTC)
Message:
Anyone know how to force an overflow error on a player? If I run Samson's pfile cleanup snippet, it cleans up about 600 players (thus 600 lines of logs) and causes an overflow on the Imms. So I tried this to force an overflow:

    int i;   /* loop counter */
    for ( i = 0; i < 700; i++ )
    {
        snprintf( log_buf, MAX_STRING_LENGTH, "Player Test was deleted. Exceeded time limit of 2 days." );
        log_string( log_buf );
    }

But it doesn't cause an overflow at all. Anyone have any idea what to do?

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by David Haley, USA (3,881 posts)
Date: Reply #1 on Sat 04 Feb 2006 11:32 PM (UTC)
Message:
What kind of overflow are you talking about? If you mean fill up the outgoing buffer before the select-then-output has time to service it, you'll have to look up in DESC_DATA or whatever the connection structure is to see how big that buffer is.

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone
http://david.the-haleys.org

Posted by Zeno, USA (2,871 posts)
Date: Reply #2 on Sat 04 Feb 2006 11:43 PM (UTC), amended on Sat 04 Feb 2006 11:44 PM (UTC) by Zeno
Message:
This kind of overflow:

    BUG: Buffer overflow. Closing (Zeno).
    Closing link to Zeno.

I'll look into DESC_DATA. Is it one of these?

    char inbuf [MAX_INBUF_SIZE];
    char incomm [MAX_INPUT_LENGTH];
    char inlast [MAX_INPUT_LENGTH];

They're 1024.

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by David Haley, USA (3,881 posts)
Date: Reply #3 on Sun 05 Feb 2006 12:05 AM (UTC)
Message:
No, those are all input buffers, to store what the player is typing. I think there are output buffers as well, but it's been a while since I've seen stock SMAUG network code. I heavily rewrote a lot of mine so I don't have offhand access to normal code.

But it should be in send_to_char or something like that -- that should call the function that adds it to the outgoing buffer.

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone
http://david.the-haleys.org

Posted by Samson, USA (683 posts)
Date: Reply #4 on Sun 05 Feb 2006 01:13 AM (UTC)
Message:

    /*
     * Expand the buffer as needed.
     */
    while( d->outtop + length >= d->outsize )
    {
        if( d->outsize > 32000 )
        {
            /*
             * empty buffer
             */
            d->outtop = 0;
            close_socket( d, TRUE );
            bug( "Buffer overflow. Closing (%s).", d->character ? d->character->name : "???" );
            return;
        }
        d->outsize *= 2;
        RECREATE( d->outbuf, char, d->outsize );
    }

According to the above code, you need to force-fill a buffer with more than 32,000 characters. How you would go about that is up to you :)

Posted by Zeno, USA (2,871 posts)
Date: Reply #5 on Sun 05 Feb 2006 02:34 AM (UTC)
Message:
I tried looking through the code at outsize or outbuf, but I can't really seem to track it down to see how it's used. I still don't see how my original code isn't forcing it to be filled.

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by David Haley, USA (3,881 posts)
Date: Reply #6 on Sun 05 Feb 2006 04:21 AM (UTC)
Message:
According to what Samson posted, you'd need to output 32,000 / 600 = 53.3 characters per line, if you output 600 lines, in order to overflow the connection.

I have to admit, though, that I'm curious why you want to go to the trouble of overflowing a player when you can just disconnect them? :)

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone
http://david.the-haleys.org

Posted by Zeno, USA (2,871 posts)
Date: Reply #7 on Sun 05 Feb 2006 05:02 AM (UTC), amended on Tue 11 Mar 2008 03:31 AM (UTC) by Nick Gammon
Message:
I need to reproduce an overflow in normal conditions, aka not running the pfile cleanup. See this topic:
http://forums.smaugfuss.org/index.php?a=topic&t=214

[EDIT - 11 March 2008] - The Smaug FUSS site is now http://www.smaugmuds.org/

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by David Haley, USA (3,881 posts)
Date: Reply #8 on Sun 05 Feb 2006 07:19 AM (UTC)
Message:
I didn't read that in detail but it looks like you have a crash occurring from overflow, and you want to reproduce overflow in order to see what causes the crash?

I would just write a function that outputs 600 lines of 60 characters each. Should take care of the overflow...

David Haley aka Ksilyan
Head Programmer,
Legends of the Darkstone
http://david.the-haleys.org

Posted by Zeno, USA (2,871 posts)
Date: Reply #9 on Sun 05 Feb 2006 04:19 PM (UTC)
Message:
Yes, that's the basics of the crash.

I got the overflow working. But it turns out...

    Quote: Well now this is odd. I can reproduce this crash on the overflow when the pfile cleanup snippet is used (cleaning up 700+ players, giving 700+ logs and then an overflow) but I can't reproduce the crash with a simple overflow. Now I just have no idea...

So apparently it's not just the overflow that causes the crash...

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by Samson, USA (683 posts)
Date: Reply #10 on Sun 05 Feb 2006 10:41 PM (UTC)
Message:
So this sounds like it's a bug in the pfiles code? Is it possible that during the course of loading and saving all those pfiles that one of them was an immortal, and it tried to send the log message to them even though they're linkdead?

Otherwise, if this hasn't yet been isolated to the pfile code, I'm not sure how else to forcibly trigger the overflow besides writing a function to create the conditions. A for loop with enough iterations to call send_to_char on an 80 char string should do the trick.

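The two mechanisms the thread has converged on, the output-buffer growth from Samson's Reply #4 and the linkdead-immortal hypothesis from Reply #10, can be checked offline with a small model. The following is an added example, not code from the thread or from SMAUG: DESC_DATA, CHAR_DATA, write_to_buffer and send_to_char reuse the thread's names, but the struct layouts and the starting buffer sizes (2000 and 4096 are used as illustrative values) are assumptions, and effective_limit, lines_until_overflow and linkdead_send_is_safe are hypothetical helpers written for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not SMAUG's code: a stand-alone model of the buffer growth in
 * Reply #4 plus the linkdead guard discussed in this thread.  The names reuse
 * the thread's; struct layouts and starting buffer sizes are assumptions. */

#define OUTBUF_LIMIT 32000            /* the cap quoted in Reply #4 */

typedef struct char_data CHAR_DATA;
typedef struct descriptor_data DESC_DATA;
struct char_data { const char *name; DESC_DATA *desc; /* NULL = linkdead */ };
struct descriptor_data {
    CHAR_DATA *character;
    char *outbuf;
    int outtop;                       /* bytes queued, not yet flushed */
    int outsize;                      /* current allocation */
    int connected;                    /* 1 = link open, 0 = closed */
    int overflowed;                   /* 1 once the cap closed the link */
};

/* Same control flow as Reply #4: double until the allocation exceeds the cap,
 * then drop the link instead of growing any further. */
static void write_to_buffer(DESC_DATA *d, const char *txt, int length)
{
    if (length <= 0) length = (int)strlen(txt);
    while (d->outtop + length >= d->outsize) {
        if (d->outsize > OUTBUF_LIMIT) {
            d->outtop = 0;
            d->connected = 0;         /* close_socket() in the real code */
            d->overflowed = 1;
            fprintf(stderr, "BUG: Buffer overflow. Closing (%s).\n",
                    d->character ? d->character->name : "???");
            return;
        }
        d->outsize *= 2;
        d->outbuf = realloc(d->outbuf, (size_t)d->outsize);
        if (!d->outbuf) abort();      /* RECREATE() also aborts on failure */
    }
    memcpy(d->outbuf + d->outtop, txt, (size_t)length);
    d->outtop += length;
}

/* Guarded send: a linkdead character has no descriptor, so an unguarded
 * ch->desc->outbuf would dereference NULL.  Returns 1 if text was queued. */
static int send_to_char(const char *txt, CHAR_DATA *ch)
{
    if (!ch || !ch->desc || !ch->desc->connected) return 0;
    write_to_buffer(ch->desc, txt, 0);
    return 1;
}

/* Allocation size at which the next growth request closes the link.  The check
 * is "> 32000" *before* doubling, so the link survives until outsize has
 * already been doubled past 32000; the real ceiling is that doubled size. */
static int effective_limit(int start_size)
{
    int size = start_size;
    while (size <= OUTBUF_LIMIT) size *= 2;
    return size;
}

/* Unflushed lines of line_len bytes needed to trip the cap, or -1 if
 * max_lines are queued without tripping it. */
static int lines_until_overflow(int start_size, int line_len, int max_lines)
{
    CHAR_DATA ch = { "Test", NULL };
    DESC_DATA d = { &ch, malloc((size_t)start_size), 0, start_size, 1, 0 };
    char *line = malloc((size_t)line_len + 1);
    int n, result = -1;
    ch.desc = &d;
    memset(line, 'x', (size_t)line_len);
    line[line_len] = '\0';
    for (n = 1; n <= max_lines && result < 0; n++) {
        send_to_char(line, &ch);
        if (d.overflowed) result = n;
    }
    free(d.outbuf);
    free(line);
    return result;
}

/* A log line sent to a linkdead immortal must be a no-op, not a crash. */
static int linkdead_send_is_safe(void)
{
    CHAR_DATA imm = { "Imm", NULL };  /* desc == NULL: linkdead */
    return send_to_char("Player Test was deleted.\n", &imm) == 0;
}

int main(void)
{
    printf("start 2000: link closes once outsize is %d\n", effective_limit(2000));
    printf("start 4096, 60-char lines: overflow on line %d\n",
           lines_until_overflow(4096, 60, 600));
    return 0;
}
```

Compile with `cc -o outbuf_model outbuf_model.c` (any file name works) and run it; the BUG line goes to stderr just as bug() would log it. Two points fall out of the model. First, because the comparison is `> 32000` and happens before the doubling, the link is not closed at 32,000 bytes but at the first doubled size above it (32,768 if outsize starts at 4096, 64,000 if it starts at 2000), so the 32,000 / 600 = 53.3 characters-per-line arithmetic is a lower bound and 600 lines of 53 characters do not trip it; the bytes also only accumulate if nothing drains the descriptor between lines. Second, a NULL-descriptor check in send_to_char turns the linkdead-immortal case into a dropped message instead of a crash, which is the cheaper place to test Samson's hypothesis than reproducing the overflow itself.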
Posted by Zeno, USA (2,871 posts)
Date: Reply #11 on Mon 06 Feb 2006 02:01 AM (UTC)
Message:
Yes, I've given it thought that it could be a bug in the pfile snippet. Can't confirm it though, but that's why I made that recent post on Alsherok.

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by Gohan_TheDragonball, USA (183 posts)
Date: Reply #12 on Mon 06 Feb 2006 04:17 AM (UTC), amended on Mon 06 Feb 2006 04:27 AM (UTC) by Gohan_TheDragonball
Message:
Well, a simple fix I did when I encountered this problem was such:

In handler.c:

    sh_int get_trust( CHAR_DATA *ch )
    {
        if ( !ch )        /* no character: treat as untrusted */
            return 0;
        ....
    }

Posted by Zeno, USA (2,871 posts)
Date: Reply #13 on Mon 06 Feb 2006 11:50 AM (UTC)
Message:
Yeah, but it happens everywhere and not just in get_trust.

Zeno McDohl,
Owner of Bleached InuYasha Galaxy
http://www.biyg.org

Posted by Samson, USA (683 posts)
Date: Reply #14 on Mon 06 Feb 2006 12:00 PM (UTC)
Message:
Curious as to why altering get_trust would have any effect on this.
