
Rare (really) core-downer fix related to rare attribute



Hello guys,

I am once again coming with a really little fix that is related to the rare attribute (6/7 bonuses). This bug is extra rare because, to trigger it, you must have a way to add 6 and 7 bonuses to an item and you must have an incorrect field or an error in your item_attr_rare table. So this is most likely code sanitization, but it's always good to avoid such errors, as I encountered people having this bug.

When you add a rare bonus, the game will fill a vector with the bonuses from the table and randomly pick one in the vector. However, if you have an error in the table, this vector will be empty and the randomization will result in doing "number(0, -1)", which is obviously incorrect and your core will crash.

For searching purposes (if someone in the future is looking for a fix), the error is this one:

Quote

number_ex: number(): first argument is bigger than second argument 0 -> -1

The fix is really simple: we must check if the vector is empty and then exit at this moment.

In item_attribute.cpp, in the following function:

bool CItem::AddRareAttribute()

Under this block of code:

	for (int i = 0; i < MAX_APPLY_NUM; ++i)
	{
		const TItemAttrTable& r = g_map_itemRare[i];

		if (r.dwApplyIndex != 0 && r.bMaxLevelBySet[nAttrSet] > 0 && HasRareAttr(i) != true)
		{
			avail.push_back(i);
		}
	}

Add the following check:

	if (avail.empty())
	{
		sys_err("Couldn't add a rare bonus - item_attr_rare has incorrect values!");
		return false;
	}

And that's pretty much it, pretty straightforward, but instead of crashing, you will have a syserr and you will know what to check next!

Edited by Gurgarath
Link to comment
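The guard from the post above, as a stand-alone added example (not the server's own code and not part of the original post): it reproduces the candidate filter with simplified stand-in types, returns -1 instead of drawing from an empty range, and adds a load-time check that lists attribute sets with no usable row. `RareRow`, `RareTable`, `pick_rare`, `empty_attr_sets`, the constants and the sample table are assumptions made for the illustration.

```cpp
#include <array>
#include <cstdio>
#include <random>
#include <vector>

// Simplified stand-ins for the server's types (assumptions, not the real definitions).
constexpr int kMaxApplyNum = 8;   // stand-in for MAX_APPLY_NUM
constexpr int kAttrSets = 3;      // stand-in for the number of attribute sets
struct RareRow {                  // models the two TItemAttrTable fields the loop reads
    unsigned applyIndex;                     // dwApplyIndex: 0 means "row unused"
    unsigned char maxLevelBySet[kAttrSets];  // bMaxLevelBySet
};
using RareTable = std::array<RareRow, kMaxApplyNum>;

// Same filter as the loop in AddRareAttribute(): usable rows the item does not have yet.
std::vector<int> candidates(const RareTable& t, int attrSet, const std::vector<bool>& has) {
    std::vector<int> avail;
    for (int i = 0; i < kMaxApplyNum; ++i)
        if (t[i].applyIndex != 0 && t[i].maxLevelBySet[attrSet] > 0 && !has[i])
            avail.push_back(i);
    return avail;
}

// Returns the chosen row index, or -1 when nothing can be picked. Without the
// empty() guard the draw would be over [0, -1], the range the error message reports.
int pick_rare(const RareTable& t, int attrSet, const std::vector<bool>& has, std::mt19937& rng) {
    const std::vector<int> avail = candidates(t, attrSet, has);
    if (avail.empty()) {
        std::fprintf(stderr, "no rare bonus available for attr set %d\n", attrSet);
        return -1;
    }
    std::uniform_int_distribution<std::size_t> d(0, avail.size() - 1);
    return avail[d(rng)];
}

// Load-time check: report every attribute set that offers no usable row at all.
std::vector<int> empty_attr_sets(const RareTable& t) {
    std::vector<int> bad;
    const std::vector<bool> none(kMaxApplyNum, false);
    for (int s = 0; s < kAttrSets; ++s)
        if (candidates(t, s, none).empty()) bad.push_back(s);
    return bad;
}
// Constructed sample table: attribute set 2 has no usable row (the misconfigured case).
RareTable sample_table() {
    RareTable t{};
    t[1] = {10, {5, 5, 0}};
    t[2] = {11, {3, 0, 0}};
    return t;
}
```

Running `empty_attr_sets` once after the table is loaded surfaces the misconfiguration at boot instead of at the first rare-bonus roll.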

There is also a stupid bug: you can access array indexes 0-255 where the valid index is 0-4. If memory is filled at the address the array points to and the value is < 1 with an incorrect index, you should get a free name change.

If you want to trigger it, just call net.SendChangeNamePacket(254, "newcharactername") from Python. Try to decrement/increment the index to find filled memory and check the behaviour.

Link to comment

For a second I was thinking "this crash feels familiar.." and yep

stlsY6p.png

For a system I made, I had to not include some items in the table, and sometimes the game would crash, and I found out about this stupid thing as well.

Link to comment
