araxiaonline/TrinityCore
3
0
Fork 0
mirror of https://github.com/araxiaonline/TrinityCore.git synced 2026-06-15 12:42:43 -04:00
Code Issues Packages Projects Releases Wiki Activity

Core/AI: Fix uninitialized values and array overflows in SAI

Browse Source 
Proper initialize POD struct members to 0 in SMART_ACTION_CREATE_TIMED_EVENT action type.
Fix array overflows and access uninitialized values in SMART_ACTION_CALL_RANDOM_TIMED_ACTIONLIST, SMART_ACTION_RANDOM_PHASE and SMART_ACTION_RANDOM_EMOTE .

Valgrind log for SMART_ACTION_RANDOM_PHASE case:
 Conditional jump or move depends on uninitialised value(s)
   at : SmartScript::UpdateTimer(SmartScriptHolder&, unsigned int) (SmartScript.cpp:3086)
   by : SmartScript::OnUpdate(unsigned int) (SmartScript.cpp:3176)
   by : SmartAI::UpdateAI(unsigned int) (SmartAI.cpp:335)
   by : Creature::Update(unsigned int) (Creature.cpp:542)
   by : TempSummon::Update(unsigned int) (TemporarySummon.cpp:47)

 Uninitialised value was created by a stack allocation
   at : SmartScript::ProcessAction(SmartScriptHolder&, Unit*, unsigned int, unsigned int, bool, SpellInfo const*, GameObject*) (SmartScript.cpp:143)
This commit is contained in:
jackpoz
2013-09-22 22:08:38 +02:00
parent 4498ac0062
commit ec3832c2c1
2 changed files with 19 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/server/game/AI/SmartScripts/SmartScript.cpp
View File

@@ -411,11 +411,17 @@ void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, u
}
}
if (count == 0)
{
delete targets;
break;
}
for (ObjectList::const_iterator itr = targets->begin(); itr != targets->end(); ++itr)
{
if (IsUnit(*itr))
{
uint32 emote = temp[urand(0, count)];
uint32 emote = temp[urand(0, count - 1)];
(*itr)->ToUnit()->HandleEmoteCommand(emote);
TC_LOG_DEBUG(LOG_FILTER_DATABASE_AI, "SmartScript::ProcessAction:: SMART_ACTION_RANDOM_EMOTE: Creature guidLow %u handle random emote %u",
(*itr)->GetGUIDLow(), emote);
@@ -835,7 +841,10 @@ void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, u
}
}
uint32 phase = temp[urand(0, count)];
if (count == 0)
break;
uint32 phase = temp[urand(0, count - 1)];
SetPhase(phase);
TC_LOG_DEBUG(LOG_FILTER_DATABASE_AI, "SmartScript::ProcessAction: SMART_ACTION_RANDOM_PHASE: Creature %u sets event phase to %u",
GetBaseObject()->GetGUIDLow(), phase);
@@ -1475,7 +1484,7 @@ void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, u
}
case SMART_ACTION_CREATE_TIMED_EVENT:
{
SmartEvent ne;
SmartEvent ne = SmartEvent();
ne.type = (SMART_EVENT)SMART_EVENT_UPDATE;
ne.event_chance = e.action.timeEvent.chance;
if (!ne.event_chance) ne.event_chance = 100;
@@ -1489,11 +1498,11 @@ void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, u
if (!ne.minMaxRepeat.repeatMin && !ne.minMaxRepeat.repeatMax)
ne.event_flags |= SMART_EVENT_FLAG_NOT_REPEATABLE;
SmartAction ac;
SmartAction ac = SmartAction();
ac.type = (SMART_ACTION)SMART_ACTION_TRIGGER_TIMED_EVENT;
ac.timeEvent.id = e.action.timeEvent.id;
SmartScriptHolder ev;
SmartScriptHolder ev = SmartScriptHolder();
ev.event = ne;
ev.event_id = e.action.timeEvent.id;
ev.target = e.target;
@@ -1693,7 +1702,10 @@ void SmartScript::ProcessAction(SmartScriptHolder& e, Unit* unit, uint32 var0, u
}
}
uint32 id = temp[urand(0, count)];
if (count == 0)
break;
uint32 id = temp[urand(0, count - 1)];
if (e.GetTargetType() == SMART_TARGET_NONE)
{
TC_LOG_ERROR(LOG_FILTER_SQL, "SmartScript: Entry %d SourceType %u Event %u Action %u is using TARGET_NONE(0) for Script9 target. Please correct target_type in database.", e.entryOrGuid, e.GetScriptType(), e.GetEventType(), e.GetActionType());