From f94d476cf2ec4dd65b4eaed01b2b71ac3c5dbf32 Mon Sep 17 00:00:00 2001
From: def
Date: Sat, 10 Oct 2020 12:14:07 +0200
Subject: [PATCH 01/11] Don't divide by 0 in LoadSkin
src/game/client/components/skins.cpp:142:14: runtime error: -nan is outside the range of representable values of type 'int'
#0 0x55b6bd0f49e1 in CSkins::LoadSkin(char const*, char const*, int, int*) /media/ddnet/src/game/client/components/skins.cpp:142:14
#1 0x55b6bd0f0942 in CSkins::SkinScan(char const*, int, int, void*) /media/ddnet/src/game/client/components/skins.cpp:55:16
#2 0x55b6bcb33928 in fs_listdir /media/ddnet/src/base/system.c:2033:6
#3 0x55b6bcb04024 in CStorage::ListDirectory(int, char const*, int (*)(char const*, int, int, void*), void*) /media/ddnet/src/engine/shared/storage.cpp:316:5
#4 0x55b6bd0f9e2f in CSkins::Refresh() /media/ddnet/src/game/client/components/skins.cpp:222:13
#5 0x55b6bd0f6e33 in CSkins::OnInit() /media/ddnet/src/game/client/components/skins.cpp:194:2
#6 0x55b6bd14c63f in CGameClient::OnInit() /media/ddnet/src/game/client/gameclient.cpp:322:28
#7 0x55b6bcc5f9f8 in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3089:16
#8 0x55b6bcc84b7e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#9 0x7f1144ded151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#10 0x55b6bc9d1e0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/game/client/components/skins.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/game/client/components/skins.cpp b/src/game/client/components/skins.cpp
index 44f761e8f..03ce42626 100644
--- a/src/game/client/components/skins.cpp
+++ b/src/game/client/components/skins.cpp
@@ -138,8 +138,12 @@ int CSkins::LoadSkin(const char *pName, const char *pPath, int DirType, int *pGe
 for(int x = 0; x < BodySize; x++)
 {
 int v = d[y * Pitch + x * 4];
- if(v <= OrgWeight)
+ if(OrgWeight == 0)
+ v = 0;
+ else if(v <= OrgWeight)
 v = (int)(((v / (float)OrgWeight) * NewWeight));
+ else if(InvOrgWeight == 0)
+ v = NewWeight;
 else
 v = (int)(((v - OrgWeight) / (float)InvOrgWeight) * InvNewWeight + NewWeight);
 d[y * Pitch + x * 4] = v;
From 7e297aff59a23afa639cd630d5aca062cfa84838 Mon Sep 17 00:00:00 2001
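Review bot: With the new ordering, `if(OrgWeight == 0) v = 0;` zeroes every pixel of the row, including those with v > OrgWeight that the old code (and the new final `else`) would map through the InvOrgWeight formula; if OrgWeight can be 0 while InvOrgWeight is not, the part is silently blackened instead of only the 0/0 division being avoided. The zero checks belong inside the two existing branches rather than in front of them, so the v <= OrgWeight / v > OrgWeight split is preserved and only the division itself is guarded. A one-line why-comment would also help the next reader, since the bug being fixed (NaN converted to int) is invisible in the code. LoadSkin's body starts and ends outside the hunk, so whether OrgWeight == 0 implies InvOrgWeight == 0 cannot be confirmed here.
```cpp
 int v = d[y * Pitch + x * 4];
 // guard the division: a weight of 0 would give 0/0 = NaN, and NaN -> int is UB
 if(v <= OrgWeight)
 	v = OrgWeight == 0 ? 0 : (int)(((v / (float)OrgWeight) * NewWeight));
 else
 	v = InvOrgWeight == 0 ? NewWeight : (int)(((v - OrgWeight) / (float)InvOrgWeight) * InvNewWeight + NewWeight);
 d[y * Pitch + x * 4] = v;
```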
From: def
Date: Sat, 10 Oct 2020 12:17:40 +0200
Subject: [PATCH 02/11] Don't pass null pointer into mem_copy in CServerBrowser
src/base/system.c:261:15: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x5651235308dc in mem_copy /media/ddnet/src/base/system.c:261:2
#1 0x56512375218d in CServerBrowser::Add(NETADDR const&) /media/ddnet/src/engine/client/serverbrowser.cpp:503:3
#2 0x565123752f6a in CServerBrowser::Set(NETADDR const&, int, int, CServerInfo const*) /media/ddnet/src/engine/client/serverbrowser.cpp:548:13
#3 0x5651237564cb in CServerBrowser::Refresh(int) /media/ddnet/src/engine/client/serverbrowser.cpp:705:6
#4 0x5651239a32f8 in CMenus::Render() /media/ddnet/src/game/client/components/menus.cpp:1164:21
#5 0x5651239bd331 in CMenus::OnRender() /media/ddnet/src/game/client/components/menus.cpp:2338:2
#6 0x565123b878f6 in CGameClient::OnRender() /media/ddnet/src/game/client/gameclient.cpp:676:28
#7 0x56512363b5ee in CClient::Render() /media/ddnet/src/engine/client/client.cpp:1134:16
#8 0x56512367095f in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3285:7
#9 0x565123690b7e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#10 0x7fa8487e8151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#11 0x5651233dde0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/engine/client/serverbrowser.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/engine/client/serverbrowser.cpp b/src/engine/client/serverbrowser.cpp
index c2b46044b..ce9690263 100644
--- a/src/engine/client/serverbrowser.cpp
+++ b/src/engine/client/serverbrowser.cpp
@@ -500,7 +500,8 @@ CServerBrowser::CServerEntry *CServerBrowser::Add(const NETADDR &Addr)
 CServerEntry **ppNewlist;
 m_NumServerCapacity += 100;
 ppNewlist = (CServerEntry **)calloc(m_NumServerCapacity, sizeof(CServerEntry *));
- mem_copy(ppNewlist, m_ppServerlist, m_NumServers * sizeof(CServerEntry *));
+ if(m_NumServers > 0)
+ mem_copy(ppNewlist, m_ppServerlist, m_NumServers * sizeof(CServerEntry *));
 free(m_ppServerlist);
 m_ppServerlist = ppNewlist;
 }
From e6b0283722dcd460d073fd2abc7de8a72909160b Mon Sep 17 00:00:00 2001
From: def
Date: Sat, 10 Oct 2020 12:27:22 +0200
Subject: [PATCH 03/11] No null pointer to mem_copy in SendControlMsg
src/base/system.c:261:15: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x565165b348dc in mem_copy /media/ddnet/src/base/system.c:261:2
#1 0x565165aeb27d in CNetBase::SendControlMsg(NETSOCKET, NETADDR*, int, int, void const*, int, int, bool) /media/ddnet/src/engine/shared/network.cpp:313:2
#2 0x565165aeeb4e in CNetConnection::SendControl(int, void const*, int) /media/ddnet/src/engine/shared/network_conn.cpp:169:2
#3 0x565165af08c5 in CNetConnection::Feed(CNetPacketConstruct*, NETADDR*, int) /media/ddnet/src/engine/shared/network_conn.cpp:367:6
#4 0x565165aec7d2 in CNetClient::Recv(CNetChunk*) /media/ddnet/src/engine/shared/network_client.cpp:94:174
#5 0x565165c5d5ea in CClient::PumpNetwork() /media/ddnet/src/engine/client/client.cpp:2571:24
#6 0x565165c67a71 in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2856:2
#7 0x565165c72f4e in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
#8 0x565165c94b7e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#9 0x7fba5af2c151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#10 0x5651659e1e0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/engine/shared/network.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
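Review bot: The new guard tests the element count, but the UB being fixed is the null source pointer, so the line relies on an unstated invariant (m_ppServerlist is null exactly while m_NumServers is 0) that a reader cannot verify from the hunk; either test the pointer directly, `if(m_ppServerlist)`, or document the invariant on the new line: `// m_ppServerlist is null while the list is empty; mem_copy's source must not be null even for a 0-byte copy`. The `calloc` result on the line above is still handed to mem_copy and stored without a null check, which is pre-existing but becomes the next crash on allocation failure now that the empty-list case is handled. Add()'s signature is in the hunk header and the rest of its body is outside the hunk.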
diff --git a/src/engine/shared/network.cpp b/src/engine/shared/network.cpp
index d74119580..5d03adbf6 100644
--- a/src/engine/shared/network.cpp
+++ b/src/engine/shared/network.cpp
@@ -310,7 +310,8 @@ void CNetBase::SendControlMsg(NETSOCKET Socket, NETADDR *pAddr, int Ack, int Con
 Construct.m_NumChunks = 0;
 Construct.m_DataSize = 1 + ExtraSize;
 Construct.m_aChunkData[0] = ControlMsg;
- mem_copy(&Construct.m_aChunkData[1], pExtra, ExtraSize);
+ if(pExtra)
+ mem_copy(&Construct.m_aChunkData[1], pExtra, ExtraSize);
 // send the control message
 CNetBase::SendPacket(Socket, pAddr, &Construct, SecurityToken, Sixup, true);
From 346853e81767ac3058529b330570becfed5aec18 Mon Sep 17 00:00:00 2001
From: def
Date: Sat, 10 Oct 2020 12:30:02 +0200
Subject: [PATCH 04/11] Signed overflow is undefined in CSnapshot::Crc
src/engine/shared/snapshot.cpp:72:8: runtime error: signed integer overflow: -1297193910 + -1824658838 cannot be represented in type 'int'
#0 0x565165b0687d in CSnapshot::Crc() /media/ddnet/src/engine/shared/snapshot.cpp:72:8
#1 0x565165c4d20b in CClient::ProcessServerPacket(CNetChunk*) /media/ddnet/src/engine/client/client.cpp:1981:49
#2 0x565165c5d960 in CClient::PumpNetwork() /media/ddnet/src/engine/client/client.cpp:2589:6
#3 0x565165c67a71 in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2856:2
#4 0x565165c72f4e in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
#5 0x565165c94b7e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#6 0x7fba5af2c151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#7 0x5651659e1e0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/engine/client/client.cpp | 4 ++--
src/engine/shared/snapshot.cpp | 4 ++--
src/engine/shared/snapshot.h | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/engine/client/client.cpp b/src/engine/client/client.cpp
index 96d0cf906..59b94c018 100644
--- a/src/engine/client/client.cpp
+++ b/src/engine/client/client.cpp
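Review bot: `Construct.m_DataSize = 1 + ExtraSize;` two lines above the change is still computed from ExtraSize when pExtra is null, so a caller passing a null pointer together with a non-zero ExtraSize now sends ExtraSize bytes of m_aChunkData that were never written instead of failing in mem_copy; whether Construct is zero-initialized earlier in the function is outside the hunk. Coupling the size to the pointer is safer than guarding only the copy: `if(!pExtra) ExtraSize = 0;` placed before the m_DataSize assignment keeps the declared size and the bytes actually written consistent, and a short comment there (`// a null pExtra means "no payload", whatever ExtraSize says`) records the contract. SendControlMsg's parameter list is truncated in the hunk header and the start of its body is outside the hunk.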
@@ -1872,7 +1872,7 @@ void CClient::ProcessServerPacket(CNetChunk *pPacket)
 int GameTick = Unpacker.GetInt();
 int DeltaTick = GameTick - Unpacker.GetInt();
 int PartSize = 0;
- int Crc = 0;
+ unsigned int Crc = 0;
 int CompleteSize = 0;
 const char *pData = 0;
@@ -2160,7 +2160,7 @@ void CClient::ProcessServerPacketDummy(CNetChunk *pPacket)
 int GameTick = Unpacker.GetInt();
 int DeltaTick = GameTick - Unpacker.GetInt();
 int PartSize = 0;
- int Crc = 0;
+ unsigned int Crc = 0;
 int CompleteSize = 0;
 const char *pData = 0;
diff --git a/src/engine/shared/snapshot.cpp b/src/engine/shared/snapshot.cpp
index cd6650f57..177bcf929 100644
--- a/src/engine/shared/snapshot.cpp
+++ b/src/engine/shared/snapshot.cpp
@@ -59,9 +59,9 @@ int CSnapshot::GetItemIndex(int Key)
 return -1;
 }
-int CSnapshot::Crc()
+unsigned CSnapshot::Crc()
 {
- int Crc = 0;
+ unsigned int Crc = 0;
 for(int i = 0; i < m_NumItems; i++)
 {
diff --git a/src/engine/shared/snapshot.h b/src/engine/shared/snapshot.h
index 474eeacda..85a69add7 100644
--- a/src/engine/shared/snapshot.h
+++ b/src/engine/shared/snapshot.h
@@ -47,7 +47,7 @@ public:
 int GetItemIndex(int Key);
 int GetItemType(int Index);
- int Crc();
+ unsigned Crc();
 void DebugDump();
 static void RemoveExtraInfo(unsigned char *pData);
 };
From 47299e8586d1639ed069195e2032dc0e47849630 Mon Sep 17 00:00:00 2001
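Review bot: The `unsigned int Crc = 0;` in CSnapshot::Crc() deserves a comment saying the wrap-around is deliberate, because the accumulation loop that overflowed lies below the hunk and a later reader may "fix" the type back to int: `// unsigned on purpose: the per-item sum wraps mod 2^32; as a signed int this was UB`. The two client.cpp hunks (ProcessServerPacket and ProcessServerPacketDummy) widen the local the same way, but how that Crc is later filled from the unpacker and compared or logged is outside the hunks, so any `%d` formatting or signed comparison against it should be checked in the same change. The identical run of locals in those two functions also suggests the snapshot-header parsing could be shared, though that is a separate refactor. GetItemIndex's closing lines are the only part of that function visible here.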
From: def
Date: Sat, 10 Oct 2020 12:43:05 +0200
Subject: [PATCH 05/11] Out of bounds access in CMenus::RenderGame
src/game/client/components/menus_ingame.cpp:108:16: runtime error: index -1 out of bounds for type 'CGameClient::CClientData [64]'
#0 0x55733e6a64c4 in CMenus::RenderGame(CUIRect) /media/ddnet/src/game/client/components/menus_ingame.cpp:108:73
#1 0x55733e632ba7 in CMenus::Render() /media/ddnet/src/game/client/components/menus.cpp:1228:6
#2 0x55733e64b141 in CMenus::OnRender() /media/ddnet/src/game/client/components/menus.cpp:2338:2
#3 0x55733e815706 in CGameClient::OnRender() /media/ddnet/src/game/client/gameclient.cpp:676:28
#4 0x55733e2c959e in CClient::Render() /media/ddnet/src/engine/client/client.cpp:1134:16
#5 0x55733e2fe90f in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3285:7
#6 0x55733e31eb2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#7 0x7f9a2057e151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#8 0x55733e06be0d in _start (/media/ddnet/DDNet+0x705e0d)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/game/client/components/menus_ingame.cpp:108:16 in
src/game/client/components/menus_ingame.cpp:109:14: runtime error: index -1 out of bounds for type 'CGameClient::CClientData [64]'
#0 0x55733e6a699a in CMenus::RenderGame(CUIRect) /media/ddnet/src/game/client/components/menus_ingame.cpp:109:71
#1 0x55733e632ba7 in CMenus::Render() /media/ddnet/src/game/client/components/menus.cpp:1228:6
#2 0x55733e64b141 in CMenus::OnRender() /media/ddnet/src/game/client/components/menus.cpp:2338:2
#3 0x55733e815706 in CGameClient::OnRender() /media/ddnet/src/game/client/gameclient.cpp:676:28
#4 0x55733e2c959e in CClient::Render() /media/ddnet/src/engine/client/client.cpp:1134:16
#5 0x55733e2fe90f in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3285:7
#6 0x55733e31eb2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#7 0x7f9a2057e151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#8 0x55733e06be0d
in _start (/media/ddnet/DDNet+0x705e0d)
---
src/game/client/components/menus_ingame.cpp | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/game/client/components/menus_ingame.cpp b/src/game/client/components/menus_ingame.cpp
index 728a0b8d9..c1707e58a 100644
--- a/src/game/client/components/menus_ingame.cpp
+++ b/src/game/client/components/menus_ingame.cpp
@@ -105,8 +105,13 @@ void CMenus::RenderGame(CUIRect MainView)
 static int s_JoinRedButton = 0;
 static int s_JoinBlueButton = 0;
- bool Paused = m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_Paused;
- bool Spec = m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_Spec;
+ bool Paused = false;
+ bool Spec = false;
+ if(m_pClient->m_Snap.m_LocalClientID >= 0)
+ {
+ Paused = m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_Paused;
+ Spec = m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_Spec;
+ }
 if(m_pClient->m_Snap.m_pLocalInfo && m_pClient->m_Snap.m_pGameInfoObj && !Paused && !Spec)
 {
From 3d76010fe93ac27a4d6ef7684e95915d7282a69c Mon Sep 17 00:00:00 2001
From: def
Date: Sat, 10 Oct 2020 12:47:16 +0200
Subject: [PATCH 06/11] aPastIndecies -> aPastIndices
---
src/engine/shared/snapshot.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/engine/shared/snapshot.cpp b/src/engine/shared/snapshot.cpp
index 177bcf929..802ef2b80 100644
--- a/src/engine/shared/snapshot.cpp
+++ b/src/engine/shared/snapshot.cpp
@@ -230,7 +230,7 @@ int CSnapshotDelta::CreateDelta(CSnapshot *pFrom, CSnapshot *pTo, void *pDstData
 }
 GenerateHash(Hashlist, pFrom);
- int aPastIndecies[1024];
+ int aPastIndices[1024];
 // fetch previous indices
 // we do this as a separate pass because it helps the cache
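Review bot: The new `if(m_pClient->m_Snap.m_LocalClientID >= 0)` in RenderGame relies on an invariant that is stated nowhere in the hunk — presumably the ID stays -1 until the local player appears in a snapshot — and the same ad-hoc `>= 0` test is repeated in later commits of this series (players.cpp, ghost.cpp, race_demo.cpp). A one-line comment on the guard, `// m_LocalClientID is -1 before our own player shows up in a snapshot`, or a single predicate on the game client that all of these call, would make the invariant explicit instead of re-deriving it at each use. Defaulting Paused and Spec to false looks safe for the branch below, since that condition also requires m_pLocalInfo to be set. RenderGame's body continues outside the hunk.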
@@ -238,7 +238,7 @@ int CSnapshotDelta::CreateDelta(CSnapshot *pFrom, CSnapshot *pTo, void *pDstData
 for(i = 0; i < NumItems; i++)
 {
 pCurItem = pTo->GetItem(i); // O(1) .. O(n)
- aPastIndecies[i] = GetItemIndexHashed(pCurItem->Key(), Hashlist); // O(n) .. O(n^n)
+ aPastIndices[i] = GetItemIndexHashed(pCurItem->Key(), Hashlist); // O(n) .. O(n^n)
 }
 for(i = 0; i < NumItems; i++)
@@ -246,7 +246,7 @@ int CSnapshotDelta::CreateDelta(CSnapshot *pFrom, CSnapshot *pTo, void *pDstData
 // do delta
 ItemSize = pTo->GetItemSize(i); // O(1) .. O(n)
 pCurItem = pTo->GetItem(i); // O(1) .. O(n)
- PastIndex = aPastIndecies[i];
+ PastIndex = aPastIndices[i];
 if(PastIndex != -1)
 {
From 60f4e078b751a743193168a4c4fcb42d4b75205a Mon Sep 17 00:00:00 2001
From: def
Date: Sat, 10 Oct 2020 12:57:48 +0200
Subject: [PATCH 07/11] Out of bounds access in RenderPlayer
src/game/client/components/players.cpp:197:5: runtime error: index -2 out of bounds for type 'CGameClient::CClientData [64]'
#0 0x56548eec0487 in CPlayers::RenderPlayer(CNetObj_Character const*, CNetObj_Character const*, CTeeRenderInfo const*, int, float) /media/ddnet/src/game/client/components/players.cpp:197:37
#1 0x56548ec97234 in CGhost::OnRender() /media/ddnet/src/game/client/components/ghost.cpp:344:26
#2 0x56548ef92b26 in CGameClient::OnRender() /media/ddnet/src/game/client/gameclient.cpp:676:28
#3 0x56548ea4659e in CClient::Render() /media/ddnet/src/engine/client/client.cpp:1134:16
#4 0x56548ea7b90f in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3285:7
#5 0x56548ea9bb2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#6 0x7f7c844f1151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#7 0x56548e7e8e0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/game/client/components/players.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/game/client/components/players.cpp b/src/game/client/components/players.cpp
index b4f43eb67..532a67a80 100644
--- a/src/game/client/components/players.cpp
+++ b/src/game/client/components/players.cpp
@@ -194,7 +194,7 @@ void CPlayers::RenderPlayer(
 bool PredictLocalWeapons = false;
 float AttackTime = (Client()->PrevGameTick(g_Config.m_ClDummy) - Player.m_AttackTick) / (float)SERVER_TICK_SPEED + Client()->GameTickTime(g_Config.m_ClDummy);
 float LastAttackTime = (Client()->PrevGameTick(g_Config.m_ClDummy) - Player.m_AttackTick) / (float)SERVER_TICK_SPEED + s_LastGameTickTime;
- if(m_pClient->m_aClients[ClientID].m_IsPredictedLocal && m_pClient->AntiPingGunfire())
+ if(ClientID >= 0 && m_pClient->m_aClients[ClientID].m_IsPredictedLocal && m_pClient->AntiPingGunfire())
 {
 PredictLocalWeapons = true;
 AttackTime = (Client()->PredIntraGameTick(g_Config.m_ClDummy) + (Client()->PredGameTick(g_Config.m_ClDummy) - 1 - Player.m_AttackTick)) / (float)SERVER_TICK_SPEED;
From 23db49db635e95f1c492118607078991a5fc5a18 Mon Sep 17 00:00:00 2001
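Review bot: `ClientID >= 0 &&` only rejects the negative IDs that the ghost render path passes (the report shows index -2 with CGhost::OnRender as the caller); the upper bound of m_aClients is still unchecked on the new line, so an ID of MAX_CLIENTS or more from any other caller would index out of bounds just the same. Unless every caller guarantees the upper bound, the complete check is `if(ClientID >= 0 && ClientID < MAX_CLIENTS && m_pClient->m_aClients[ClientID].m_IsPredictedLocal && m_pClient->AntiPingGunfire())`, and a trailing comment such as `// negative IDs are ghosts / non-player renders` would say why the guard exists. RenderPlayer's parameter list and the rest of its body are outside the hunk.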
From: def
Date: Sat, 10 Oct 2020 13:02:24 +0200
Subject: [PATCH 08/11] Server browser: Don't access friends out of bounds
src/engine/client/serverbrowser.cpp:295:88: runtime error: index 64 out of bounds for type 'CServerInfo::CClient [64]'
#0 0x565020e035bd in CServerBrowser::Filter() /media/ddnet/src/engine/client/serverbrowser.cpp:295:128
#1 0x565020e053b3 in CServerBrowser::Sort() /media/ddnet/src/engine/client/serverbrowser.cpp:352:2
#2 0x565020e0c364 in CServerBrowser::Set(NETADDR const&, int, int, CServerInfo const*) /media/ddnet/src/engine/client/serverbrowser.cpp:620:2
#3 0x565020cf9854 in CClient::ProcessServerInfo(int, NETADDR*, void const*, int) /media/ddnet/src/engine/client/client.cpp:1524:20
#4 0x565020cf8132 in CClient::ProcessConnlessPacket(CNetChunk*) /media/ddnet/src/engine/client/client.cpp:1357:4
#5 0x565020d11656 in CClient::PumpNetwork() /media/ddnet/src/engine/client/client.cpp:2575:5
#6 0x565020d1ba21 in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2856:2
#7 0x565020d26efe in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
#8 0x565020d48b2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#9 0x7f4311524151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#10 0x565020a95e0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/engine/client/serverbrowser.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/engine/client/serverbrowser.cpp b/src/engine/client/serverbrowser.cpp
index ce9690263..793d5bce7 100644
--- a/src/engine/client/serverbrowser.cpp
+++ b/src/engine/client/serverbrowser.cpp
@@ -290,7 +290,7 @@ void CServerBrowser::Filter()
 {
 // check for friend
 m_ppServerlist[i]->m_Info.m_FriendState = IFriends::FRIEND_NO;
- for(p = 0; p < m_ppServerlist[i]->m_Info.m_NumClients; p++)
+ for(p = 0; p < minimum(m_ppServerlist[i]->m_Info.m_NumClients, (int)MAX_CLIENTS); p++)
 {
 m_ppServerlist[i]->m_Info.m_aClients[p].m_FriendState = m_pFriends->GetFriendState(m_ppServerlist[i]->m_Info.m_aClients[p].m_aName, m_ppServerlist[i]->m_Info.m_aClients[p].m_aClan);
From 6680ec388cb8b71f9fa73223d3af9d37148bd26a Mon Sep 17 00:00:00 2001
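Review bot: Clamping the bound with `minimum(..., (int)MAX_CLIENTS)` fixes this loop only; m_NumClients arrives in a server-info packet (ProcessServerInfo in the report's call chain), so every other loop over m_aClients bounded by m_NumClients still reads past the 64-entry array for the same input. The value should be clamped once where the packet is parsed, making m_NumClients <= MAX_CLIENTS an invariant of CServerInfo that consumers like Filter() can rely on; until then a comment on the new line, `// m_NumClients is untrusted network data and may exceed the m_aClients capacity`, tells the next reader why the clamp sits here and that it is not the only place that needs it. Filter()'s body continues on both sides of the hunk.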
From: def
Date: Sat, 10 Oct 2020 13:10:02 +0200
Subject: [PATCH 09/11] Reset CCharacterCore at start
Hopefully fixes these by initializing m_Pos:
src/game/collision.cpp:345:10: runtime error: -nan is outside the range of representable values of type 'int'
#0 0x55e85a8f0967 in CCollision::IntersectLineTeleHook(vector2_base, vector2_base, vector2_base*, vector2_base*, int*) /media/ddnet/src/game/collision.cpp:345:10
#1 0x55e85a90767b in CCharacterCore::Tick(bool) /media/ddnet/src/game/gamecore.cpp:255:27
#2 0x55e85af8e477 in CCharacter::Tick() /media/ddnet/src/game/client/prediction/entities/character.cpp:562:9
#3 0x55e85afc867f in CGameWorld::Tick() /media/ddnet/src/game/client/prediction/gameworld.cpp:193:10
#4 0x55e85af500b8 in CGameClient::UpdatePrediction() /media/ddnet/src/game/client/gameclient.cpp:2279:16
#5 0x55e85af48b9b in CGameClient::OnNewSnapshot() /media/ddnet/src/game/client/gameclient.cpp:1675:3
#6 0x55e85a9fdf8c in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2767:22
#7 0x55e85aa0cefe in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
#8 0x55e85aa2eb2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#9 0x7feedbc65151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#10 0x55e85a77be0d in _start (/media/ddnet/DDNet+0x705e0d)
src/base/math.h:22:40: runtime error: -nan is outside the range of representable values of type 'int'
#0 0x55e85a900c2f in round_to_int(float) /media/ddnet/src/base/math.h:22:40
#1 0x55e85a90cac1 in CCharacterCore::Write(CNetObj_CharacterCore*) /media/ddnet/src/game/gamecore.cpp:515:22
#2 0x55e85a90e171 in CCharacterCore::Quantize() /media/ddnet/src/game/gamecore.cpp:574:2
#3 0x55e85af90be9 in CCharacter::TickDefered() /media/ddnet/src/game/client/prediction/entities/character.cpp:580:9
#4 0x55e85afc8a1b in CGameWorld::Tick() /media/ddnet/src/game/client/prediction/gameworld.cpp:201:10
#5 0x55e85af500b8 in CGameClient::UpdatePrediction() /media/ddnet/src/game/client/gameclient.cpp:2279:16
#6 0x55e85af48b9b in CGameClient::OnNewSnapshot() /media/ddnet/src/game/client/gameclient.cpp:1675:3
#7 0x55e85a9fdf8c in CClient::Update() /media/ddnet/src/engine/client/client.cpp:2767:22
#8 0x55e85aa0cefe in CClient::Run() /media/ddnet/src/engine/client/client.cpp:3237:4
#9 0x55e85aa2eb2e in main /media/ddnet/src/engine/client/client.cpp:4341:11
#10 0x7feedbc65151 in __libc_start_main (/usr/lib/libc.so.6+0x28151)
#11 0x55e85a77be0d in _start (/media/ddnet/DDNet+0x705e0d)
---
src/game/gamecore.cpp | 10 ++-------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/src/game/gamecore.cpp b/src/game/gamecore.cpp
index 3c5098478..4b6f99f3b 100644
--- a/src/game/gamecore.cpp
+++ b/src/game/gamecore.cpp
@@ -64,10 +64,7 @@ void CCharacterCore::Init(CWorldCore *pWorld, CCollision *pCollision, CTeamsCore
 m_pTeams = pTeams;
 m_Id = -1;
- m_Hook = true;
- m_Collision = true;
- m_JumpedTotal = 0;
- m_Jumps = 2;
+ Reset();
 }
 void CCharacterCore::Init(CWorldCore *pWorld, CCollision *pCollision, CTeamsCore *pTeams, std::map> *pTeleOuts)
@@ -78,10 +75,7 @@ void CCharacterCore::Init(CWorldCore *pWorld, CCollision *pCollision, CTeamsCore
 m_pTeams = pTeams;
 m_Id = -1;
- m_Hook = true;
- m_Collision = true;
- m_JumpedTotal = 0;
- m_Jumps = 2;
+ Reset();
 }
 void CCharacterCore::Reset()
From 476a912b3faebbd2d70fe8ef11ff6f112eaf3deb Mon Sep 17 00:00:00 2001
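Review bot: Both Init() overloads now end in `Reset();`, whose body lies below the hunk, so the commit's claim that m_Pos is initialized cannot be verified here and nothing at the call site records that expectation; a comment next to the call, `// Reset() must initialize every field Tick() reads (m_Pos, m_HookPos, ...), not only the flags that used to be set here`, would pin it where a future edit of Reset() will see it. The two overloads are now identical apart from the extra pTeleOuts parameter, so if the four-argument one only stores that pointer in addition, the three-argument one could forward to it with a null pointer and the duplication would disappear. The `std::map> *pTeleOuts` in the second context line looks like a rendering artifact of the template argument list rather than the source text. Both Init() signatures are truncated in the hunk headers.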
From: def
Date: Sat, 10 Oct 2020 23:39:13 +0200
Subject: [PATCH 10/11] Fix CRaceDemo + CGhost out of bounds access
#0 0x9f70dd in CRaceDemo::OnMessage(int, void*) src/game/client/components/race_demo.cpp:134
#1 0xab81af in CGameClient::OnMessage(int, CUnpacker*, bool) src/game/client/gameclient.cpp:823
#2 0x50ff76 in CClient::ProcessServerPacket(CNetChunk*) src/engine/client/client.cpp:2100
#3 0x51bf62 in CClient::PumpNetwork() src/engine/client/client.cpp:2580
#4 0x526b56 in CClient::Update() src/engine/client/client.cpp:2856
#5 0x5333e4 in CClient::Run() src/engine/client/client.cpp:3237
#6 0x557fda in main src/engine/client/client.cpp:4341
#7 0x7f55e8c75cc9 in __libc_start_main ../csu/libc-start.c:308
#8 0x433e29 in _start (build/DDNet+0x433e29)
src/game/client/components/ghost.cpp:600:35: runtime error: index -1 out of bounds for type 'CGameClient::CClientData [64]'
#0 0x78201a in CGhost::OnMessage(int, void*) src/game/client/components/ghost.cpp:600
#1 0xab81af in CGameClient::OnMessage(int, CUnpacker*, bool) src/game/client/gameclient.cpp:823
#2 0x50ff76 in CClient::ProcessServerPacket(CNetChunk*) src/engine/client/client.cpp:2100
#3 0x51bf62 in CClient::PumpNetwork() src/engine/client/client.cpp:2580
#4 0x526b56 in CClient::Update() src/engine/client/client.cpp:2856
#5 0x5333e4 in CClient::Run() src/engine/client/client.cpp:3237
#6 0x557fda in main src/engine/client/client.cpp:4341
#7 0x7f55e8c75cc9 in __libc_start_main ../csu/libc-start.c:308
#8 0x433e29 in _start (build/DDNet+0x433e29)
---
src/game/client/components/ghost.cpp | 2 +-
src/game/client/components/race_demo.cpp | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/game/client/components/ghost.cpp b/src/game/client/components/ghost.cpp
index c4d65f08d..a9891817d 100644
--- a/src/game/client/components/ghost.cpp
+++ b/src/game/client/components/ghost.cpp
@@ -597,7 +597,7 @@ void CGhost::OnMessage(int MsgType, void *pRawMsg)
 {
 char aName[MAX_NAME_LENGTH];
 int Time = CRaceHelper::TimeFromFinishMessage(pMsg->m_pMessage, aName, sizeof(aName));
- if(Time > 0 && str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) == 0)
+ if(Time > 0 && m_pClient->m_Snap.m_LocalClientID >= 0 && str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) == 0)
 {
 StopRecord(Time);
 StopRender();
diff --git a/src/game/client/components/race_demo.cpp b/src/game/client/components/race_demo.cpp
index 94b5ad188..fd8af3417 100644
--- a/src/game/client/components/race_demo.cpp
+++ b/src/game/client/components/race_demo.cpp
@@ -131,7 +131,7 @@ void CRaceDemo::OnMessage(int MsgType, void *pRawMsg)
 {
 char aName[MAX_NAME_LENGTH];
 int Time = CRaceHelper::TimeFromFinishMessage(pMsg->m_pMessage, aName, sizeof(aName));
- if(Time > 0 && str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) == 0)
+ if(Time > 0 && m_pClient->m_Snap.m_LocalClientID >= 0 && str_comp(aName, m_pClient->m_aClients[m_pClient->m_Snap.m_LocalClientID].m_aName) == 0)
 {
 m_RaceState = RACE_FINISHED;
 m_RecordStopTick = Client()->GameTick(g_Config.m_ClDummy) + Client()->GameTickSpeed();
From ae1a266dac76163fd1e4eec62e77a284fee98861 Mon Sep 17 00:00:00 2001
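Review bot: The guard `m_pClient->m_Snap.m_LocalClientID >= 0 &&` is now inlined in CGhost::OnMessage and, in the second hunk, verbatim in CRaceDemo::OnMessage, in front of a lookup expression that was already duplicated; a small accessor on the game client returning the local player's name (or a null pointer when there is no local client yet) would keep the bounds check in one place instead of spreading it over both message handlers and the earlier commits in this series. The check matters for correctness as well as for the sanitizer: with a -1 ID the comparison read whatever memory precedes m_aClients, so the finish-message match was meaningless, and a comment such as `// no local client yet -> a finish message cannot be ours` on the condition would say so. Both OnMessage bodies extend beyond their hunks.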
From: def
Date: Sat, 10 Oct 2020 23:46:01 +0200
Subject: [PATCH 11/11] CCharacterCore::Tick caused out of bounds
src/game/teamscore.cpp:27:78: runtime error: index -1 out of bounds for type 'int const[64]'
#0 0xf5b948 in CTeamsCore::CanKeepHook(int, int) const src/game/teamscore.cpp:27
#1 0xf46fe1 in CCharacterCore::Tick(bool) src/game/gamecore.cpp:325
#2 0xaf7366 in CGameClient::DetectStrongHook() src/game/client/gameclient.cpp:2441
#3 0xadd734 in CGameClient::UpdatePrediction() src/game/client/gameclient.cpp:2249
#4 0xad6e17 in CGameClient::OnNewSnapshot() src/game/client/gameclient.cpp:1675
#5 0x522d55 in CClient::Update() src/engine/client/client.cpp:2767
#6 0x5333e4 in CClient::Run() src/engine/client/client.cpp:3237
#7 0x557fda in main src/engine/client/client.cpp:4341
#8 0x7f55e8c75cc9 in __libc_start_main ../csu/libc-start.c:308
#9 0x433e29 in _start (build/DDNet+0x433e29)
src/game/teamscore.cpp:34:78: runtime error: index -1 out of bounds for type 'int const[64]'
#0 0xf5be68 in CTeamsCore::CanCollide(int, int) const src/game/teamscore.cpp:34
#1 0xf46458 in CCharacterCore::Tick(bool) src/game/gamecore.cpp:271
#2 0xaf7374 in CGameClient::DetectStrongHook() src/game/client/gameclient.cpp:2442
#3 0xadd734 in CGameClient::UpdatePrediction() src/game/client/gameclient.cpp:2249
#4 0xad6e17 in CGameClient::OnNewSnapshot() src/game/client/gameclient.cpp:1675
#5 0x522d55 in CClient::Update() src/engine/client/client.cpp:2767
#6 0x5333e4 in CClient::Run() src/engine/client/client.cpp:3237
#7 0x557fda in main src/engine/client/client.cpp:4341
#8 0x7f55e8c75cc9 in __libc_start_main ../csu/libc-start.c:308
#9 0x433e29 in _start (build/DDNet+0x433e29)
---
src/game/gamecore.cpp | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/game/gamecore.cpp b/src/game/gamecore.cpp
index 4b6f99f3b..85aa00b04 100644
--- a/src/game/gamecore.cpp
+++ b/src/game/gamecore.cpp
@@ -268,7 +268,7 @@ void CCharacterCore::Tick(bool UseInput)
 for(int i = 0; i < MAX_CLIENTS; i++)
 {
 CCharacterCore *pCharCore = m_pWorld->m_apCharacters[i];
- if(!pCharCore || pCharCore == this || (!(m_Super || pCharCore->m_Super) && (!m_pTeams->CanCollide(i, m_Id) || pCharCore->m_Solo || m_Solo)))
+ if(!pCharCore || pCharCore == this || (!(m_Super || pCharCore->m_Super) && ((m_Id != -1 && !m_pTeams->CanCollide(i, m_Id)) || pCharCore->m_Solo || m_Solo)))
 continue;
 vec2 ClosestPoint = closest_point_on_line(m_HookPos, NewPos, pCharCore->m_Pos);
@@ -322,7 +322,7 @@ void CCharacterCore::Tick(bool UseInput)
 if(m_HookedPlayer != -1)
 {
 CCharacterCore *pCharCore = m_pWorld->m_apCharacters[m_HookedPlayer];
- if(pCharCore && m_pTeams->CanKeepHook(m_Id, pCharCore->m_Id))
+ if(pCharCore && m_Id != -1 && m_pTeams->CanKeepHook(m_Id, pCharCore->m_Id))
 m_HookPos = pCharCore->m_Pos;
 else
 {
@@ -575,7 +575,7 @@ bool CCharacterCore::IsSwitchActiveCb(int Number, void *pUser)
 {
 CCharacterCore *pThis = (CCharacterCore *)pUser;
 if(pThis->Collision()->m_pSwitchers)
- if(pThis->m_pTeams->Team(pThis->m_Id) != (pThis->m_pTeams->m_IsDDRace16 ? VANILLA_TEAM_SUPER : TEAM_SUPER))
+ if(pThis->m_Id != -1 && pThis->m_pTeams->Team(pThis->m_Id) != (pThis->m_pTeams->m_IsDDRace16 ? VANILLA_TEAM_SUPER : TEAM_SUPER))
 return pThis->Collision()->m_pSwitchers[Number].m_Status[pThis->m_pTeams->Team(pThis->m_Id)];
 return false;
 }
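Review bot: In the second hunk `m_Id != -1` guards only the first argument of CanKeepHook; `pCharCore->m_Id` goes in as the second argument unchecked, and since the report shows CanKeepHook(int, int) indexing a 64-entry table with -1, a hooked core whose m_Id is still -1 (the value Init() assigns in the previous commit) would hit the same out-of-bounds read if the second argument is used as an index too. `if(pCharCore && m_Id != -1 && pCharCore->m_Id != -1 && m_pTeams->CanKeepHook(m_Id, pCharCore->m_Id))` closes that path. In the first hunk an unassigned core now skips the CanCollide test altogether, i.e. it collides with every other core; if that is the intended fallback a comment saying so would prevent it being read as an oversight, and a named constant for the -1 sentinel that now appears in all three hunks would make the checks self-describing. Tick() and IsSwitchActiveCb() both extend beyond the hunks, and the third hunk still calls Team(pThis->m_Id) twice where one call would do.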