Help crash the test server

[Mugwump]

I completed the Wine quest today successfully. Can't be sure if I did the steps in the correct order since I was looking for a 'drought' trigger from Latis and 'thermonuclear' from Bais. I saw neither of these. The Latis trigger seems to be the 'debt' option, and Bais only had 'Latis' father' with a different result at the end.

 

If I recall, the last time I did this quest I used the same procedure. Just keep going to each NPC named as well as search for Ertan in TD until someone changes their story... it did finish correctly with the wine discount from Vesine. There was no mention of 'thermonuclear' that I recall unless it is in an NPC's normal chat. Didn't see it as quest related anyway.

 

Meanwhile I still have NPC's to bother.... priests, TG, GP, DP, and Luxin.... that's just Seridia !

[Grimnir]

But you do remember the Draught option?

Correct - the drought dialog from Latis was definitely not there when I tried the wine quest for the second time (after server crash). The thermonuclear dialog may have been there - I was saying it didn't stand out in my memory. I wasn't specifically looking for it the way I was looking for the drought option (the second time I undertook the wine quest). I still think I would have remembered seeing that option if it were there, but I could be wrong. When you asked specifically about the thermonuclear dialog, I went back to try the wine quest a third time and got neither drought dialog from Latis nor thermonuclear dialog from Bais.

 

In trying the quest again today, I think I can see why the drought dialog isn't coming up from Latis - the debt dialog that prompts it from Bais isn't coming up at all. I get the original quest prompt from Latis, I get the prompt from Nyeald, then get no prompt from Bais.

[Puntif]

On the test server I'm running through the Tankel's Daughter is Sick quest. Talking to Edlera she says "In order to achieve that, we have to overload her emotional . . ." and it shows only a "more" option at the bottom. Clicking the more option does nothing.

 

I looked in my error_log.txt and found a " CAUTION: Possibly forged NPC_OPTIONS_LIST packet received." message - not sure if it's from that dialog or not.

 

Later in the quest I went back to Edlera and when she says "Well Aluwen, the goddess of life . . ." it also gives only a "more" option that does nothing.

 

Also after Kelcha is healed if you talk to Edlera you get the "Tankel sends his apologies" option even before talking to Tankel and accepting Tankel's "please send Edlera my apologies" request.

Edited October 5, 2007 by Puntif

[Entropy]

On the test server I'm running through the Tankel's Daughter is Sick quest. Talking to Edlera she says "In order to achieve that, we have to overload her emotional . . ." and it shows only a "more" option at the bottom. Clicking the more option does nothing.

 

That's very strange..

I could REALLY use a screenshot of those things.

There is no "More" option about that, and the whole text is supposed to be displayed.

[Puntif]

I just re-ran through that quest (again on the test server) with another char. I got a screenshot of that dialog with the "More" - it seems like there should be an empty list of dialog options. The More that shows appears to be left over from the previous screenful of dialog. It seems like this happens in several places where the previous screen's dialog options remain displayed.See Edlera dialog screenshot and error_log.txt from the same session

[Learner]

I just re-ran through that quest (again on the test server) with another char. I got a screenshot of that dialog with the "More" - it seems like there should be an empty list of dialog options. The More that shows appears to be left over from the previous screenful of dialog. It seems like this happens in several places where the previous screen's dialog options remain displayed.See Edlera dialog screenshot and error_log.txt from the same session

I think the cause of the problem is:

CAUTION: Possibly forged NPC_OPTIONS_LIST packet received.

[Torg]

I think the cause of the problem is:

CAUTION: Possibly forged NPC_OPTIONS_LIST packet received.

/edit: I guess all those checks need to be reviewed. It seems from what I can tell that they are one byte out of sync.

 

Ie. For this example there is a check of the length of the data to stop an overflow when passing &in_data[3]... however &in_data[0] is the protocol and isn't included in the calculation of data_length so the check should actually be for data_length <= 4.

			if (data_length <= 3)
			{
			  log_error("CAUTION: Possibly forged NPC_OPTIONS_LIST packet received. Data length: %d\n", data_length);
//				  break;
			}
			build_response_entries(&in_data[3],SDL_SwapLE16(*((Uint16 *)(in_data+1))));

 

Is this accurate, and if so shall I check all the others?

Edited October 11, 2007 by Torg

[Grum]

I don't think that's correct. If I'm not mistaken, the server _does_ include the protocol byte (byte 0) in the length field (bytes 1 and 2). The client then adds another 2 for the length field to give data_length.

 

However, when the options list is empty, data_length==3. This is not a problem, and the check should not be triggered in that case. Passing &in_data[3] is valid, as long as we don't dereference it.

[Torg]

However, when the options list is empty, data_length==3. This is not a problem, and the check should not be triggered in that case. Passing &in_data[3] is valid, as long as we don't dereference it.

Hmmm, yeah ok. In build_response_entries it clears any previous dialog entries and then in the first iteration of the loop, checks the length, which if == 3 will then break.

 

Thus the point of it is to clear the dialog.

 

I'm guessing there are a bunch of other cases similar to this as a result of adding those forged packet checks. :-S

[Cycloonx]

I just re-ran through that quest (again on the test server) with another char. I got a screenshot of that dialog with the "More" - it seems like there should be an empty list of dialog options. The More that shows appears to be left over from the previous screenful of dialog. It seems like this happens in several places where the previous screen's dialog options remain displayed.See Edlera dialog screenshot and error_log.txt from the same session

I think the cause of the problem is:

CAUTION: Possibly forged NPC_OPTIONS_LIST packet received.

 

Maybe you do know, but this was reported weeks ago too, so this can't be the source of the server crashes.

[Grum]

Maybe you do know, but this was reported weeks ago too, so this can't be the source of the server crashes.

It isn't shouldn't be. This is a client error message (and it's wrong too), all it fails to do is clear the options list.

 

OTOH... this means that an invalid option is still available, and the corresponding code may be sent to the server. Depending on how robust the server is in handling it, this may have weird effects in certain cases.

[Cycloonx]

I have no clue, but that post was just meant as info (in case some people forgot it).

[Torg]

Maybe you do know, but this was reported weeks ago too, so this can't be the source of the server crashes.

The most recent cases of these reports have been when people have been going back and testing the NPC's on the test server after upgrading the version of the scripting engine (Pawn). I'm guessing half of those reports were actually a result of this client bug.

 

The upgrade to Pawn is what is thought to cause the crashes, but this bug being a client bug (not in Pawn on the server) doesn't help trying to work out what exactly is broken. It is also possible as Grum mentioned that this code is sending strange responses to the server which might confuse it.

 

/edit: Possibly made my point a little clearer, but not much. Meh.

Edited October 11, 2007 by Torg