Norbyte / bg3se

Baldur's Gate 3 Script Extender

Closing Osi.OpenMessageBox() with a message over 263 chars crashes the game #248

Open vivi344 opened 9 months ago

vivi344 commented 9 months ago

BG3Ext v13 built on Jan 16 2024 20:05:24 Game version v4.44.94.476 OK

Code to reproduce:

```lua
Osi.OpenMessageBox(Osi.GetHostCharacter(), "This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 264 chars long. This string is 2")
```

Varriount commented 9 months ago

A shortened example would be:

```lua
Osi.OpenMessageBox(Osi.GetHostCharacter(), string.rep("a", 264))
```

Oddly enough, the game only crashes after the message box has been displayed, and the user clicks "Ok".

That being said, there's a fair chance that this is more a bug in the game itself, rather than one in Script Extender (unless an unmodified game has successful instances of displaying a message box with more than 263 characters).

SwissFred57 commented 9 months ago

Yes, it crashes, I can reproduce it also, but not only on message boxes, also on ShowNotification.

Norbyte commented 9 months ago

This is a vanilla game bug that has been present since DOS2, so it's unlikely that it will be fixed.

The reason for the crash is that the maximum string length in the Osi event notification buffer is 255 characters, and exceeding that will overwrite memory with junk.

Varriount commented 9 months ago

@Norbyte Any chance a wrapper with length checking could be used? Or at the very least, have this documented somewhere? I'd be happy to write one, if given some instructions on how and where.

(also, any idea why 263 is the maximum length?)

nonchip commented 8 months ago

@Varriount probably 256 minus the \0, plus whatever few bytes after that you're murdering without immediately triggering a crash.
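One way to build the length-checked wrapper Varriount asks for, added here as an illustration and not code from bg3se or from anyone in this thread. It takes the 255-character limit from Norbyte's comment as the hard cap and guards both `Osi.OpenMessageBox` and `Osi.ShowNotification` (the two calls reported above). It assumes the Osiris signature `(character, text)` for both and uses `Ext.Utils.Print` for logging when running inside the Script Extender; the `Osi` stub at the bottom is a constructed stand-in so the wrapper can be exercised outside the game.

```lua
-- Added example: a length-guarded wrapper for Osi message calls.
-- The 255-char limit is Norbyte's stated size of the Osi event notification
-- buffer; exceeding it corrupts memory and crashes the game on dismiss.
local OSI_MAX_MESSAGE_LEN = 255

local SafeOsi = {
    -- Strict = true raises a Lua error instead of truncating, so a mod author
    -- sees the bug during development rather than shipping silently cut text.
    Strict = false,
}

-- Assumed logging helper: Ext.Utils.Print inside bg3se, plain print elsewhere.
local function logWarning(text)
    if Ext and Ext.Utils and Ext.Utils.Print then
        Ext.Utils.Print(text)
    else
        print(text)
    end
end

-- Return a message that is safe to hand to Osi, and whether it was cut.
local function clampMessage(name, msg)
    msg = tostring(msg)
    local n = #msg -- byte length, which is what the native buffer cares about
    if n <= OSI_MAX_MESSAGE_LEN then
        return msg, false
    end
    if SafeOsi.Strict then
        error(string.format("[SafeOsi] %s: message is %d bytes, limit is %d",
            name, n, OSI_MAX_MESSAGE_LEN), 3)
    end
    logWarning(string.format(
        "[SafeOsi] %s: message truncated from %d to %d bytes to avoid buffer overrun",
        name, n, OSI_MAX_MESSAGE_LEN))
    return msg:sub(1, OSI_MAX_MESSAGE_LEN), true
end

-- Wrap an Osi call whose second argument is the message text.
local function guarded(name, fn)
    return function(character, msg, ...)
        local safeMsg = clampMessage(name, msg)
        return fn(character, safeMsg, ...)
    end
end

-- Install wrappers over the given Osi table (defaults to the global Osi).
function SafeOsi.Install(osi)
    osi = osi or Osi
    assert(osi, "Osi table not available")
    SafeOsi.OpenMessageBox = guarded("OpenMessageBox", osi.OpenMessageBox)
    SafeOsi.ShowNotification = guarded("ShowNotification", osi.ShowNotification)
    return SafeOsi
end

-- Stand-alone self-check outside the game, using a constructed stub for Osi.
if not Osi then
    local received = {}
    local stub = {
        OpenMessageBox = function(_, msg) received[#received + 1] = msg end,
        ShowNotification = function(_, msg) received[#received + 1] = msg end,
    }
    local safe = SafeOsi.Install(stub)
    safe.OpenMessageBox("host", string.rep("a", 264))      -- the repro from this thread
    safe.ShowNotification("host", "short message")         -- under the limit, untouched
    assert(#received[1] == OSI_MAX_MESSAGE_LEN)
    assert(received[2] == "short message")

    SafeOsi.Strict = true
    local ok = pcall(safe.OpenMessageBox, "host", string.rep("b", 300))
    assert(not ok, "strict mode should reject an over-long message")
    print("SafeOsi self-check passed")
end

return SafeOsi
```

Inside a mod you would call `SafeOsi.Install()` once after `Osi` is available and then route all message-box and notification text through `SafeOsi.OpenMessageBox` / `SafeOsi.ShowNotification`. The check uses the byte length (`#msg`) rather than a character count, since multi-byte UTF-8 text reaches the native buffer as bytes; the 263-character figure observed in the report is above the 255-byte cap, so clamping at 255 stays on the safe side of whatever slack the allocation happens to have.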