opentibiabr / canary

Canary Server 13.x for OpenTibia community.
https://docs.opentibiabr.com/
GNU General Public License v2.0

Memory corruption when using ectoplasm container #2441

Open Humberd opened 7 months ago

Humberd commented 7 months ago

Priority

Medium

Area

What happened?

Summary

When spamming usage of the ectoplasm container item from a hotkey, the memory of the action position variables gets corrupted.

[2024-03-14 22:52:03.845] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2078, 2042, 7 ), item: 4852
[2024-03-14 22:52:03.845] [info] Actions::useItemEx (after isHotkey) fromPos: ( 8237, 25965, 115 ), toPos: ( 29816, 25933, 115 ), item: 4852

In between these logs only the network message is being sent.

Details

OS: Windows WSL

Preparation:

  1. Canary head from main branch.
  2. Official Tibia client version 13.32.14520 link

Steps to reproduce:

  1. Modify https://github.com/opentibiabr/canary/blob/726d425fadc756048ab592714e54d7b07e75c9bb/src/lua/creature/actions.cpp#L444-L447 with
    g_logger().info("--------------");
    g_logger().info("Actions::useItemEx (before isHotkey) fromPos: {}, toPos: {}, item: {}", fromPos.toString(), toPos.toString(), item->getID());
    if (isHotkey) {
        uint16_t subType = item->getSubType();
        showUseHotkeyMessage(player, item, player->getItemTypeCount(item->getID(), subType != item->getItemCount() ? subType : -1));
    }
    g_logger().info("Actions::useItemEx (after isHotkey) fromPos: {}, toPos: {}, item: {}", fromPos.toString(), toPos.toString(), item->getID());
  2. Get ectoplasm container item. Id: 4823
  3. Assign this item to a hotkey and set it to "use with crosshair"
  4. Spam this hotkey wherever, on the ground, on the player, doesn't matter.

Expected result

The position variables reflect the actual position

Actual result

[2024-03-14 23:08:41.178] [info] -------------- 
[2024-03-14 23:08:41.178] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2046, 2060, 7 ), item: 4852
[2024-03-14 23:08:41.178] [info] Actions::useItemEx (after isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2046, 2060, 7 ), item: 4852
[2024-03-14 23:08:42.183] [info] -------------- 
[2024-03-14 23:08:42.183] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2046, 2060, 7 ), item: 4852
[2024-03-14 23:08:42.183] [info] Actions::useItemEx (after isHotkey) fromPos: ( 8237, 25965, 115 ), toPos: ( 29816, 25933, 115 ), item: 4852
[2024-03-14 23:08:44.945] [info] -------------- 
[2024-03-14 23:08:44.945] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2046, 2061, 7 ), item: 4852
[2024-03-14 23:08:44.946] [info] Actions::useItemEx (after isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2046, 2061, 7 ), item: 4852
[2024-03-14 23:08:46.094] [info] -------------- 
[2024-03-14 23:08:46.094] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2048, 2061, 7 ), item: 4852
[2024-03-14 23:08:46.095] [info] Actions::useItemEx (after isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2048, 2061, 7 ), item: 4852
[2024-03-14 23:08:47.094] [info] -------------- 
[2024-03-14 23:08:47.094] [info] Actions::useItemEx (before isHotkey) fromPos: ( 65535, 0, 0 ), toPos: ( 2049, 2060, 7 ), item: 4852
[2024-03-14 23:08:47.094] [info] Actions::useItemEx (after isHotkey) fromPos: ( 8237, 25965, 115 ), toPos: ( 29816, 25933, 115 ), item: 4852
[2024-03-14 23:08:48.094] [info] -------------- 

Just invoking the showUseHotkeyMessage() method, which does not use either fromPos or toPos, changes their internal state.

Investigation

It looks like the problem is not with sending the network message itself. I commented out the line responsible for sending the network text message, but the corruption remained the same. https://github.com/opentibiabr/canary/blob/b61cd9d4227220dd46c408a11f55c6217d8ba7eb/src/server/network/protocol/protocolgame.cpp#L4175

However, when I also commented out the call to msg.addString(), which internally does a memcpy, the problem was gone. https://github.com/opentibiabr/canary/blob/b61cd9d4227220dd46c408a11f55c6217d8ba7eb/src/server/network/protocol/protocolgame.cpp#L4174-L4175

Demo

https://github.com/opentibiabr/canary/assets/10242142/6196d41f-72a5-4cd5-85e9-53e19cb3b4a2

Note

Using a rope or shovel works OK.

What OS are you seeing the problem on?

Linux

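Editor's note, added to the thread and not part of the report or of Canary's code: the values that appear in the corrupted log lines decode byte-wise to printable ASCII (8237 is 0x2D 0x20, 25965 is 0x6D 0x65, 115 is 's', 29816 is 0x78 0x74, 25933 is 0x4D 0x65), which is what one expects when string bytes are copied over a neighbouring value. The example below is a constructed model of that failure mode, not a claim about Canary's real memory layout (the maintainer's later comment says it could not be reproduced): a length-prefixed string write with no capacity check spills out of a fixed-size message region into two Position values placed directly behind it, a hardened variant refuses the write instead, and a small triage helper applies the "are these bytes all printable?" check to the positions from the log. All names (Frame, addStringUnchecked, addStringChecked, looksLikeText, run) and the 16-byte capacity are assumptions of this model.

```cpp
// Constructed model for illustration, not Canary code: a fixed-capacity
// message region followed immediately by two Position values, all inside one
// byte array so the spill from an unchecked write lands on the positions
// deterministically instead of being undefined behaviour on the real stack.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string_view>

struct Position {
    uint16_t x;
    uint16_t y;
    uint8_t z;
};

constexpr std::size_t kMsgCapacity = 16;                          // assumed message region size
constexpr std::size_t kFromOffset = kMsgCapacity;                 // fromPos sits right behind it
constexpr std::size_t kToOffset = kFromOffset + sizeof(Position); // then toPos
constexpr std::size_t kFrameSize = kToOffset + sizeof(Position);

struct Frame {
    std::array<uint8_t, kFrameSize> bytes{};
    std::size_t pos = 0;  // write cursor within the message region

    void setPositions(Position from, Position to) {
        std::memcpy(bytes.data() + kFromOffset, &from, sizeof from);
        std::memcpy(bytes.data() + kToOffset, &to, sizeof to);
    }
    Position fromPos() const { Position p; std::memcpy(&p, bytes.data() + kFromOffset, sizeof p); return p; }
    Position toPos() const { Position p; std::memcpy(&p, bytes.data() + kToOffset, sizeof p); return p; }
};

// Length-prefixed string write with no capacity check: the failure mode.
// Callers of this demo keep pos + 2 + s.size() <= kFrameSize so the write
// stays inside the array; the point is the spill into the positions.
void addStringUnchecked(Frame& f, std::string_view s) {
    const uint16_t len = static_cast<uint16_t>(s.size());
    std::memcpy(f.bytes.data() + f.pos, &len, sizeof len);
    f.pos += sizeof len;
    std::memcpy(f.bytes.data() + f.pos, s.data(), s.size());
    f.pos += s.size();
}

// Hardened variant: refuse and write nothing when the string does not fit.
bool addStringChecked(Frame& f, std::string_view s) {
    if (s.size() > UINT16_MAX || f.pos + sizeof(uint16_t) + s.size() > kMsgCapacity) {
        return false;
    }
    addStringUnchecked(f, s);  // now known to stay inside the message region
    return true;
}

// Triage helper: true when every byte of the position is printable ASCII,
// the pattern one expects if text bytes were copied over it. Decomposes by
// value, so the result does not depend on host endianness.
bool looksLikeText(Position p) {
    const uint8_t b[] = {
        static_cast<uint8_t>(p.x & 0xFF), static_cast<uint8_t>(p.x >> 8),
        static_cast<uint8_t>(p.y & 0xFF), static_cast<uint8_t>(p.y >> 8),
        p.z,
    };
    for (uint8_t c : b) {
        if (c < 0x20 || c > 0x7E) return false;
    }
    return true;
}

// Runs one writer on a fresh frame and reports whether the write was accepted
// and what the two positions look like afterwards.
struct Outcome { bool accepted; Position from; Position to; };

Outcome run(bool checked, std::string_view text) {
    Frame f;
    f.setPositions(Position{65535, 0, 0}, Position{2046, 2060, 7});
    bool ok = true;
    if (checked) ok = addStringChecked(f, text);
    else addStringUnchecked(f, text);
    return Outcome{ok, f.fromPos(), f.toPos()};
}

int main() {
    // "Using one of 12 items." is 22 bytes; with its 2-byte length prefix it
    // overruns the 16-byte message region by 8 bytes: all of fromPos and the
    // first two bytes of toPos are replaced by text.
    Outcome bad = run(false, "Using one of 12 items.");
    Outcome good = run(true, "Using one of 12 items.");
    return (looksLikeText(bad.from) && !good.accepted && good.from.x == 65535) ? 0 : 1;
}
```

The triage helper is the part worth reusing when reading a log like the one above: feeding it the two corrupted positions from the report returns true for both, while the sane values (65535, 0, 0) and (2046, 2060, 7) return false, so the garbage is at least consistent with string bytes rather than, say, a stale pointer or an uninitialised read.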

github-actions[bot] commented 4 months ago

This issue is stale because it has been open 120 days with no activity.

dudantas commented 1 month ago

I did some tests and everything seems fine.