From ac2f5b299d8b9787e074615d7d72a3686f31ffd8 Mon Sep 17 00:00:00 2001 From: Eduardo Dantas Date: Mon, 25 Jul 2022 21:48:09 -0300 Subject: [PATCH] Fixed crash when creating specific offers with certain amount from inbox (#453) Crash reproduced in a very specific scenario, we will not give information to prevent malicious people from abusing the bug on the server of those who did not update with this commit --- src/game/game.cpp | 57 ++++++++++++++++++++++++++--------------------- src/game/game.h | 2 +- 2 files changed, 33 insertions(+), 26 deletions(-) diff --git a/src/game/game.cpp b/src/game/game.cpp index f59aa1b60b2..dd1e73a7945 100644 --- a/src/game/game.cpp +++ b/src/game/game.cpp @@ -7619,7 +7619,8 @@ void Game::playerCreateMarketOffer(uint32_t playerId, uint8_t type, uint16_t ite } DepotLocker* depotLocker = player->getDepotLocker(player->getLastDepotId()); - if (!depotLocker) { + if (depotLocker == nullptr) { + SPDLOG_ERROR("[Game::playerCreateMarketOffer] - Sell depot chest is nullptr"); return; } @@ -7638,8 +7639,9 @@ void Game::playerCreateMarketOffer(uint32_t playerId, uint8_t type, uint16_t ite uint16_t stashminus = player->getStashItemCount(it.wareId); amount = (amount - (amount > stashminus ? stashminus : amount)); - std::forward_list itemList = getMarketItemList(it.wareId, amount, depotLocker); - if (itemList.empty() && amount > 0) { + std::vector itemVector = getMarketItemList(it.wareId, amount, depotLocker); + if (itemVector.empty() && amount > 0) { + SPDLOG_ERROR("[Game::playerCreateMarketOffer] - Sell item list is empty"); return; } @@ -7648,7 +7650,7 @@ void Game::playerCreateMarketOffer(uint32_t playerId, uint8_t type, uint16_t ite } uint16_t tmpAmount = amount; - for (Item *item : itemList) { + for (Item *item : itemVector) { if (!it.stackable) { internalRemoveItem(item); continue; @@ -7812,7 +7814,8 @@ void Game::playerAcceptMarketOffer(uint32_t playerId, uint32_t timestamp, uint16 // so the market action is 'buy' as who created the offer is buying. if (offer.type == MARKETACTION_BUY) { DepotLocker* depotLocker = player->getDepotLocker(player->getLastDepotId()); - if (!depotLocker) { + if (depotLocker == nullptr) { + SPDLOG_ERROR("[Game::playerCreateMarketOffer] - Buy depot chest is nullptr"); return; } @@ -7856,14 +7859,15 @@ void Game::playerAcceptMarketOffer(uint32_t playerId, uint32_t timestamp, uint16 } if (removeAmount > 0) { - std::forward_list itemList = getMarketItemList(it.wareId, removeAmount, depotLocker); - if (itemList.empty() && removeAmount > 0) { + std::vector itemVector = getMarketItemList(it.wareId, amount, depotLocker); + if (itemVector.empty()) { + SPDLOG_ERROR("[Game::playerCreateMarketOffer] - Buy item list is empty"); return; } if (it.stackable) { uint16_t tmpAmount = removeAmount; - for (Item* item : itemList) { + for (Item* item : itemVector) { if (!item) { continue; } @@ -7876,7 +7880,7 @@ void Game::playerAcceptMarketOffer(uint32_t playerId, uint32_t timestamp, uint16 } } } else { - for (Item* item : itemList) { + for (Item* item : itemVector) { if (!item) { continue; } @@ -7931,7 +7935,6 @@ void Game::playerAcceptMarketOffer(uint32_t playerId, uint32_t timestamp, uint16 delete buyerPlayer; } } else if (offer.type == MARKETACTION_SELL) { - Player *sellerPlayer = getPlayerByGUID(offer.playerId); if (!sellerPlayer) { sellerPlayer = new Player(nullptr); @@ -8468,20 +8471,22 @@ void Game::parsePlayerExtendedOpcode(uint32_t playerId, uint8_t opcode, const st } } -std::forward_list Game::getMarketItemList(uint16_t wareId, uint16_t sufficientCount, DepotLocker* depotLocker) +std::vector Game::getMarketItemList(uint16_t wareId, uint16_t sufficientCount, DepotLocker* depotLocker) { - std::forward_list itemList; - uint16_t count = 0; + std::vector itemVector; + itemVector.reserve(std::max(32, depotLocker->size())); - std::list containers {depotLocker}; - do { - Container* container = containers.front(); - containers.pop_front(); + std::vector containers{ depotLocker }; + containers.reserve(32); + uint16_t count = 0; + size_t i = 0; + do { + Container* container = containers[i]; for (Item* item : container->getItemList()) { - Container* c = item->getContainer(); - if (c && !c->empty()) { - containers.push_back(c); + Container* itemContainer = item->getContainer(); + if (itemContainer && !itemContainer->empty()) { + containers.push_back(itemContainer); continue; } @@ -8490,7 +8495,7 @@ std::forward_list Game::getMarketItemList(uint16_t wareId, uint16_t suffi continue; } - if (c && (!itemType.isContainer() || c->capacity() != itemType.maxItems)) { + if (itemContainer && (!itemType.isContainer() || itemContainer->capacity() != itemType.maxItems)) { continue; } @@ -8498,15 +8503,17 @@ std::forward_list Game::getMarketItemList(uint16_t wareId, uint16_t suffi continue; } - itemList.push_front(item); + itemVector.push_back(item); count += Item::countByType(item, -1); if (count >= sufficientCount) { - return itemList; + return itemVector; } } - } while (!containers.empty()); - return std::forward_list(); + } while (++i < containers.size()); + + itemVector.clear(); + return itemVector; } void Game::forceRemoveCondition(uint32_t creatureId, ConditionType_t conditionType, ConditionId_t conditionId) diff --git a/src/game/game.h b/src/game/game.h index 11becb42eb2..47647a50ee7 100644 --- a/src/game/game.h +++ b/src/game/game.h @@ -390,7 +390,7 @@ class Game void parsePlayerExtendedOpcode(uint32_t playerId, uint8_t opcode, const std::string& buffer); - std::forward_list getMarketItemList(uint16_t wareId, uint16_t sufficientCount, DepotLocker* depotLocker); + std::vector getMarketItemList(uint16_t wareId, uint16_t sufficientCount, DepotLocker* depotLocker); static void updatePremium(account::Account& account);