/media/ddnet/src/engine/server/sql_string_helpers.cpp:74:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
and mark some false positives
/media/ddnet/src/engine/client/backend_sdl.cpp:329:30: warning: Call to 'malloc' has an allocation size of 0 bytes [clang-analyzer-optin.portability.UnixAPI]
3020: Fix all Multiplication type alerts by CodeQL r=heinrich5991 a=def-
> Multiplication result converted to larger type
> A multiplication result that is converted to a larger type can be a
> sign that the result can overflow the type converted from.
Example: https://github.com/ddnet/ddnet/security/code-scanning/17?query=ref%3Arefs%2Fheads%2Fmaster
Co-authored-by: def <dennis@felsin9.de>
3005: Use rest instead of string in some commands r=heinrich5991 a=def-
where it makes sense, means you don't need to quote strings for those
Co-authored-by: def <dennis@felsin9.de>
Purely automatic change. In case of conflict with this change, apply the
other change and rerun the formatting to restore it:
$ python scripts/fix_style.py
2917: Create ALLOW_X_SKINS game info flag r=heinrich5991 a=def-
To allow server to set any x_ prefixed skin and client won't filter it
out. As requested by Pure_luck for his mod to show players as tanks,
walls, etc. Won't be enabled on DDNet-Servers, thus such skins can be
added where a server modification wants to fine-control what skins are
allowed and can enforce such skins.
Co-authored-by: def <dennis@felsin9.de>
To allow server to set any x_ prefixed skin and client won't filter it
out. As requested by Pure_luck for his mod to show players as tanks,
walls, etc. Won't be enabled on DDNet-Servers, thus such skins can be
added where a server modification wants to fine-control what skins are
allowed and can enforce such skins.
2898: Inform players that they are in team already r=heinrich5991 a=def-
2901: Remove failed downloaded files immediately r=heinrich5991 a=def-
Especially skins were only deleted after they were requested again
2908: Don't log skin downloading progress r=heinrich5991 a=def-
since it's not really interesting for most players, as long as things work fine
Co-authored-by: def <dennis@felsin9.de>
2814: Remove saving to other servers r=Learath2 a=def-
sv_sql_valid_servernames is no longer required
2818: Load fonts from memory (fixes#2810) r=Learath2 a=def-
Missing: Freeing the memory again. But not so important since we keep
the same fonts until end of process anyway in our case.
@QingGo Could you give this a try from the Github build artifacts? If not, I can provide you a nightly build.
Co-authored-by: def <dennis@felsin9.de>
The slow query logs are full of this:
# Time: 200906 21:03:43
# User@Host: teeworlds[teeworlds] @ ger6.ddnet.tw [89.163.212.120]
# Thread_id: 101540 Schema: teeworlds QC_hit: No
# Query_time: 11.012166 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 0
# Rows_affected: 0 Bytes_sent: 67
SET timestamp=1599419023;
LOCK TABLES record_teamrace WRITE, record_teamrace AS r WRITE;
Do we really need these lock? See also
https://dev.mysql.com/doc/refman/5.7/en/table-locking.html
> InnoDB tables use row-level locking so that multiple sessions and
> applications can read from and write to the same table simultaneously,
> without making each other wait or producing inconsistent results. For
> this storage engine, avoid using the LOCK TABLES statement, because it
> does not offer any extra protection, but instead reduces concurrency.
