I'm not sure if it's already present, but people reported to me that /costume could be exploited to crash every server (even official ones, as far as I heard).
The bug is simple: the command prints the names of the costume's bonuses in chat. If they are missing in cmd_general.cpp fn_string, it returns null and causes a core crash; it also crashes if the format doesn't have a single, and only one, format specifier %d.
Here is the patch:
diff --git a/s3ll_server/README-SERVER.txt b/s3ll_server/README-SERVER.txt
index 94f67f8..7d1dd3f 100644
--- a/s3ll_server/README-SERVER.txt
+++ b/s3ll_server/README-SERVER.txt
@@ -336,6 +336,7 @@
+@fixme180: on cmd_general.cpp; /costume will cause game core crashes if the relative costume bonus ids aren't present inside fn_string or have no %d
#@/Server (general)
@fixme401: fixed the guild disband time issue
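Review bot: the new @fixme180 changelog line is inserted above the "#@/Server (general)" section header rather than under it like the existing "@fixme401" entry; move it below the header so it lands in the section it describes. The wording "have no %d" also understates the condition: as the cmd_general.cpp hunk shows, a format with a different specifier (%.1f) crashes just like a missing one, so "do not contain exactly one %d" would be more accurate.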
diff --git a/s3ll_server/Srcs/Server/game/src/cmd_general.cpp b/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
index 739b7fc..740d80d 100644
--- a/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
+++ b/s3ll_server/Srcs/Server/game/src/cmd_general.cpp
@@ -1871,8 +1871,8 @@ static const char* FN_point_string(int apply_number)
case POINT_MALL_ATTBONUS: return LC_TEXT("°ø°Ý·Â +%d%%");
case POINT_MALL_DEFBONUS: return LC_TEXT("¹æ¾î·Â +%d%%");
case POINT_MALL_EXPBONUS: return LC_TEXT("°æÇèÄ¡ %d%%");
- case POINT_MALL_ITEMBONUS: return LC_TEXT("¾ÆÀÌÅÛ µå·ÓÀ² %.1f¹è");
- case POINT_MALL_GOLDBONUS: return LC_TEXT("µ· µå·ÓÀ² %.1f¹è");
+ case POINT_MALL_ITEMBONUS: return LC_TEXT("¾ÆÀÌÅÛ µå·ÓÀ² %d¹è"); // @fixme180 float to int
+ case POINT_MALL_GOLDBONUS: return LC_TEXT("µ· µå·ÓÀ² %d¹è"); // @fixme180 float to int
case POINT_MAX_HP_PCT: return LC_TEXT("ÃÖ´ë »ý¸í·Â +%d%%");
case POINT_MAX_SP_PCT: return LC_TEXT("ÃÖ´ë Á¤½Å·Â +%d%%");
case POINT_SKILL_DAMAGE_BONUS: return LC_TEXT("½ºÅ³ µ¥¹ÌÁö %d%%");
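Review bot: changing "%.1f¹è" to "%d¹è" fixes the mismatch between the format and the integer argument, but it also changes what the player sees: the old text rendered a multiplier with one decimal place, the new one prints the raw integer in front of the same suffix. Confirm what value the caller passes for POINT_MALL_ITEMBONUS and POINT_MALL_GOLDBONUS (whole multiplier, tenths, or a percentage) and adjust the text or suffix accordingly, otherwise the displayed number is misleading; a short comment stating the value's unit next to these two cases would make the intent clear.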
@@ -1889,7 +1889,7 @@ static const char* FN_point_string(int apply_number)
#ifdef ENABLE_WOLFMAN_CHARACTER
case POINT_RESIST_WOLFMAN: return LC_TEXT("¹«´ç°ø°Ý¿¡ %d%% ÀúÇ×");
#endif
- default: return NULL;
+ default: return "UNK_ID %d%%"; // @fixme180
}
}
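Review bot: the default case now returns "UNK_ID %d%%", which removes the null-pointer crash, but the %d is filled by the bonus value the caller passes, not by apply_number, so the message labels that value as if it were an id and appends a percent sign to a quantity of unknown unit. Consider a neutral text such as "Unknown bonus: %d" and log apply_number at the call site (or, as the post suggests, return std::string so the id can be embedded). Unlike the other cases this string also bypasses LC_TEXT; that is acceptable for a developer placeholder but deserves a comment.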
You can try to refactor the return type as std::string to print the proper apply_number if you want, but it's not necessary.
A special thanks to Tunga for being my guinea pig of the day 🪓
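The root cause above is a table of printf-style formats being handed to a formatting sink with no check that the entry exists or matches the single integer argument. The following is an added example, not code from the post or from the server source, showing one way to guard such a table: a validator that accepts only a non-null format with exactly one %d (literal "%%" allowed) and a wrapper that falls back to a safe message otherwise. The ApplyNumber ids and lookup_format() are hypothetical stand-ins for the real enum and FN_point_string; the "%.1f" entry is kept deliberately to show the pre-patch defect being caught.

```cpp
#include <cassert>
#include <cstdio>
#include <string>

// Hypothetical apply-number ids for this example (not the server's real enum values).
enum ApplyNumber { APPLY_ATTBONUS = 1, APPLY_ITEMBONUS = 2, APPLY_UNKNOWN = 99 };

// Plays the role of FN_point_string: maps an id to a display format.
// APPLY_ITEMBONUS intentionally carries the pre-patch "%.1f" form, and any
// id not listed yields nullptr, exactly the two conditions the post describes.
static const char* lookup_format(int apply_number) {
    switch (apply_number) {
        case APPLY_ATTBONUS:  return "Attack +%d%%";
        case APPLY_ITEMBONUS: return "Item drop rate %.1fx";
        default:              return nullptr;
    }
}

// True only if fmt is non-null and contains exactly one conversion specifier,
// and that specifier is %d. "%%" is treated as a literal percent sign.
bool has_single_int_specifier(const char* fmt) {
    if (fmt == nullptr) return false;
    int conversions = 0;
    for (const char* p = fmt; *p != '\0'; ++p) {
        if (*p != '%') continue;
        ++p;
        if (*p == '\0') return false;   // dangling '%' at end of string
        if (*p == '%') continue;        // literal "%%"
        if (*p != 'd') return false;    // %f, %s, %.1f, ... are all rejected
        ++conversions;
    }
    return conversions == 1;
}

// Formats one bonus line. A missing or malformed table entry never reaches
// snprintf with the wrong argument type; a generic message is produced instead
// that also carries the offending id so the table gap can be fixed.
std::string format_bonus(int apply_number, int value) {
    const char* fmt = lookup_format(apply_number);
    char buf[128];
    if (has_single_int_specifier(fmt)) {
        std::snprintf(buf, sizeof(buf), fmt, value);
    } else {
        std::snprintf(buf, sizeof(buf), "Unknown bonus (id %d): %d", apply_number, value);
    }
    return std::string(buf);
}

int main() {
    // Constructed sample: one valid entry, one bad format, one missing id.
    std::printf("%s\n", format_bonus(APPLY_ATTBONUS, 10).c_str());
    std::printf("%s\n", format_bonus(APPLY_ITEMBONUS, 15).c_str());
    std::printf("%s\n", format_bonus(APPLY_UNKNOWN, 5).c_str());
    return 0;
}
```

The validator runs in a few nanoseconds per call and can also be applied once at start-up over every id in the table, so a bad entry is reported in the log when the server boots rather than when a player first equips the item.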