/media/ddnet/src/engine/server/sql_string_helpers.cpp:74:3: warning: Call to function 'strcpy' is insecure as it does not provide bounding of the memory buffer. Replace unbounded copy functions with analogous functions that support length arguments such as 'strlcpy'. CWE-119 [clang-analyzer-security.insecureAPI.strcpy]
and mark some false positives
/media/ddnet/src/engine/client/backend_sdl.cpp:329:30: warning: Call to 'malloc' has an allocation size of 0 bytes [clang-analyzer-optin.portability.UnixAPI]
3020: Fix all Multiplication type alerts by CodeQL r=heinrich5991 a=def-
> Multiplication result converted to larger type
> A multiplication result that is converted to a larger type can be a
> sign that the result can overflow the type converted from.
Example: https://github.com/ddnet/ddnet/security/code-scanning/17?query=ref%3Arefs%2Fheads%2Fmaster
Co-authored-by: def <dennis@felsin9.de>
3005: Use rest instead of string in some commands r=heinrich5991 a=def-
where it makes sense, means you don't need to quote strings for those
Co-authored-by: def <dennis@felsin9.de>
Purely automatic change. In case of conflict with this change, apply the
other change and rerun the formatting to restore it:
$ python scripts/fix_style.py
2917: Create ALLOW_X_SKINS game info flag r=heinrich5991 a=def-
To allow server to set any x_ prefixed skin and client won't filter it
out. As requested by Pure_luck for his mod to show players as tanks,
walls, etc. Won't be enabled on DDNet-Servers, thus such skins can be
added where a server modification wants to fine-control what skins are
allowed and can enforce such skins.
Co-authored-by: def <dennis@felsin9.de>
2898: Inform players that they are in team already r=heinrich5991 a=def-
2901: Remove failed downloaded files immediately r=heinrich5991 a=def-
Especially skins were only deleted after they were requested again
2908: Don't log skin downloading progress r=heinrich5991 a=def-
since it's not really interesting for most players, as long as things work fine
Co-authored-by: def <dennis@felsin9.de>
2814: Remove saving to other servers r=Learath2 a=def-
sv_sql_valid_servernames is no longer required
2818: Load fonts from memory (fixes #2810) r=Learath2 a=def-
Missing: Freeing the memory again. But not so important since we keep
the same fonts until end of process anyway in our case.
@QingGo Could you give this a try from the Github build artifacts? If not, I can provide you a nightly build.
Co-authored-by: def <dennis@felsin9.de>
The slow query logs are full of this:
```
# Time: 200906 21:03:43
# User@Host: teeworlds[teeworlds] @ ger6.ddnet.tw [89.163.212.120]
# Thread_id: 101540 Schema: teeworlds QC_hit: No
# Query_time: 11.012166 Lock_time: 0.000000 Rows_sent: 0 Rows_examined: 0
# Rows_affected: 0 Bytes_sent: 67
SET timestamp=1599419023;
LOCK TABLES record_teamrace WRITE, record_teamrace AS r WRITE;
```
Do we really need these locks? See also
https://dev.mysql.com/doc/refman/5.7/en/table-locking.html
> InnoDB tables use row-level locking so that multiple sessions and
> applications can read from and write to the same table simultaneously,
> without making each other wait or producing inconsistent results. For
> this storage engine, avoid using the LOCK TABLES statement, because it
> does not offer any extra protection, but instead reduces concurrency.
2465: Sqlite3 support and prepared statements r=heinrich5991 a=Zwelf
This PR changes the abstraction layer of the score backend to thin abstractions over the MySQL and SQLite3 library. It executes all Queries in one worker thread making it easier to use the ddnet thread pool. This doesn't change much, because each mysql-connection was locked with `m_SqlLock` beforehand, serializing writes and reads respectively.
Behavior change (even though I tried to minimize them):
* `sv_use_sql` is used to determine if mysql server should be added
* `sv_sql_failure_file` is replaced by `sv_sqlite_file`
* `sv_sqlite_file` is either used as a backup server when `sv_use_sql` is enabled or as the primary read+write server when `sv_use_sql` is disabled
* `/load` now escapes the like-string
Since I am not good at designing config file commands, I would appreciate feedback on this part.
WIP:
* [x] rewrite SQL statements to work in both MySQL and SQLite (preferable just ANSI-SQL)
* [x] create tables (`COLLATE BINARY` and encoding info)
* [x] store rank (UPSERT for points)
* [x] load birthday (different function in sqlite for time handling)
* [x] `/mapinfo` (`convert(? using utf8mb4) COLLATE utf8mb4_general_ci`)
* [x] `/map` (`convert(? using utf8mb4) COLLATE utf8mb4_general_ci`)
* [x] store teamrank (`GROUP_CONCAT`)
* [x] `/teamrank` (`GROUP_CONCAT`)
* [x] ~`/top5team` (`GROUP_CONCAT`)~ doesn't contain GROUP_CONCAT
* [x] `/times` (`UNIX_TIMESTAMP`)
* [x] `/load` without any arguments (`UNIX_TIMESTAMP`)
* [x] all commits compiling, making future bisect easier
* [x] write a sqlite_to_mysql script
* [x] write an old_file_server to sqlite script
* [x] gracefully shutdown DbPool
Co-authored-by: Zwelf <zwelf@strct.cc>
2501: Show "Free View" for Sixup r=fokkonaut a=Learath2
@fokkonaut is this enough?
bors delegate=fokkonaut
Co-authored-by: Learath <learath2@gmail.com>
2433: Fix votes for sixup r=heinrich5991 a=Learath2
I think this looks sane but I haven't tested it at all for idk how to even test this locally/alone
2505: Fix legacy 64 player serverinfo, don't send duplicate packets (fixes #2495) r=heinrich5991 a=def-
For legacy we sent the first packet once correctly, then the 2nd and 3rd
packet without the marker and token at the start, so they never worked.
For new 64 player serverinfo we sent all packets correctly but the 1st
packet twice.
Introduced in #1955.
2506: Prevent whisper spam from 0.7 (fixes #2504) r=heinrich5991 a=def-
Co-authored-by: Learath <learath2@gmail.com>
Co-authored-by: def <dennis@felsin9.de>
2478: Use (u)int64 from system.h instead of (u)int64_t from cstdint r=heinrich5991 a=def-
```
src/game/client/prediction/gameworld.h:62:90: error: ‘int64_t’ has not been declared
62 | void CreateExplosion(vec2 Pos, int Owner, int Weapon, bool NoDamage, int ActivatedTeam, int64_t Mask);
| ^~~~~~~
```
2480: Send zoom status for dummy too r=heinrich5991 a=def-
Co-authored-by: def <dennis@felsin9.de>
2474: Remove IP skins r=heinrich5991 a=def-
2476: Use x instead of y in show distance (fixes #2475) r=heinrich5991 a=def-
Co-authored-by: def <dennis@felsin9.de>
2424: Keep hook when loading r=heinrich5991 a=Zwelf
Solves issue discussed in #2374. Also keeps direction and jump, which is evaluated when player is in /pause. Fire could be deleted, as it does not affect game play in any way.
Co-authored-by: Zwelf <zwelf@strct.cc>
2413: Fix showothers for specchar r=heinrich5991 a=edg-l
Fixes https://github.com/ddnet/ddnet/issues/2410
I also made it use the Alpha on specchars that are on another team.
Co-authored-by: Edgar <git@edgarluque.com>
2401: Client tells server its zoom level (fixes #2087) r=heinrich5991 a=def-
and server adapts the visible distance to it
Co-authored-by: def <dennis@felsin9.de>
2374: Restore old /save behavior r=def- a=Zwelf
Fixes #2362, supersedes #2367
I didn't change the /save message. There are already two different: "Use '/load %s' on %s to continue" and "Use '/load %s' to continue".
I think it would be better to add a NetMessage, this could also solve the problem of saving which team members were in the team.
> I guess this can't be used to cheat anything?
Only if an instant rehook is necessary. Might be useful for rehooking an edge hook (but you still have to aim).
Co-authored-by: Zwelf <zwelf@strct.cc>
2356: Make game less dependent on score backend r=heinrich5991 a=Zwelf
Behavior change:
* `sv_save_worse_scores` is respected on file based servers
Mainly a clean up after #2247, but helps #2298 too
Co-authored-by: Zwelf <zwelf@strct.cc>
2335: Make it more clear that this is a sixup translation server r=heinrich5991 a=def-
2336: Set skill level for Sixup (fixes #2334) r=heinrich5991 a=def-
2340: Keeping multiple states consistent is hard (fixes #2315) r=heinrich5991 a=def-
let's go recount every time
2342: Don't forget video recorder fps setting r=heinrich5991 a=def-
after switching to non-videorecorder client
2349: Document which MySQL/MariaDB versions we require (fixes #2343) r=heinrich5991 a=def-
Co-authored-by: def <dennis@felsin9.de>
2321: Use the 0.7 race features better r=def- a=Learath2
Mostly tested, couldn't test the diffs though as I don't have score set up. It looks good to me though.
Co-authored-by: Learath <learath2@gmail.com>
2291: Make PlayerResult messages a union variant r=def- a=Zwelf
and some small style and readability fixes in sql_score.
Co-authored-by: Zwelf <zwelf@strct.cc>
2290: Restore old message behavior when using /load and /save r=def- a=Zwelf
Only notify the player initiating /load about the error and don't send
'Loading initiated by ...' and 'Saving initiated by ...' messages resulting
in two messages per /load and /save.
Not sure if the old behavior is better or if we want to keep the new with sending two messages per /save and /load.
Co-authored-by: Zwelf <zwelf@strct.cc>
2247: Thread safe SQL interaction r=def- a=Zwelf
This PR intends to make the database interaction thread safe and optimizes some SQL queries. This is still a WIP, but since it is a rather big PR I wanted to get feedback early on.
Benefits:
* remove race conditions leading to undefined behavior and potential crashes
* logging game related database results in teehistorian would be possible
Behavior change:
* /top5team prints ranks in reverse order when passing a negative number (like /top5, /top5points)
* Optimize SQL statements for /rank /teamrank /top5 /top5team /points /top5points
* /load without parameters doesn't pass the SQL error to the user (as most other functions)
* Simplify IScore interface
* Add UUID to /save table (update of database schema necessary):
```
ALTER TABLE record_saves ADD SaveID varchar(64);
```
* /save immediately kills team and loads it again if the database insert fails.
still TBD:
* [x] saving (team) score when finishing
* [x] loading team save
* [x] loading initial time and birthday check
* [x] /map and random map votes
* [x] RFC: generate a passphrase (2-3 word) if save-code exists or no save-code is given making /save failures much more rare and save-codes more secure
* [x] clean up code (removing now unused structs, ordering of functions in IScore)
Co-authored-by: Zwelf <zwelf@strct.cc>
2202: Send DDNet version early in the connection process r=Learath2 a=heinrich5991
This gets rid of the problem that we don't know whether we should send
full snapshots to clients because they haven't told us about them being
DDNet yet.
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>
2212: Use a consistent PRNG on all platforms r=Learath2 a=heinrich5991
I just used glibc's because that is what we use on all the servers. Based on https://www.mscs.dal.ca/~selinger/random/.
Behavior change: The PRNG is actually seeded now.
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>
As discussed on Discord today, can be enabled inside of teams on the fly
during each run on any server. Finishes don't count. I haven't tested
save/load yet, would do that live on the server if this can be merged.
The following member variables:
* m_name to m_aName
* m_String to m_aString
* m_CpCurrent to m_aCpCurrent
* m_Switchers to m_pSwitchers
* SavedTees to m_pSavedTees
This came from a long discussion comparing PCG-* against xoroshiro*. Do
not generate integers without bias because it doesn't affect us very
much and it is easier to reimplement with modulo.
2208: Implement /load without params to show some info r=Learath2 a=def-
about your existing saves. Not the code of course, but only how many saves you have and when you last saved on this map.
Co-authored-by: def <dennis@felsin9.de>
2096: Fix the double-free of the antibot r=def- a=heinrich5991
I could not find an easy way to ensure that `AntibotDestroy` is only
being called once for each `AntibotInit` but still happening after all
the `CPlayer` destructors.
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>
2069: Move global configuration out of client interface r=heinrich5991 a=ChillerDragon
2076: Allow editing multiple tile layer props r=heinrich5991 a=Learath2
Requested by Ravie on discord
2095: Fix `AntibotDestroy` being called twice r=def- a=heinrich5991
The resource deallocation needs to happen in symmetry with the
allocation, otherwise we get unmatched deallocations leading to crashes.
Allocations happened in `CAntibot::Init`, but it was not guaranteed that
this was called before the destructor.
Co-authored-by: ChillerDragon <ChillerDragon@gmail.com>
Co-authored-by: Learath <learath2@gmail.com>
Co-authored-by: heinrich5991 <heinrich5991@gmail.com>