Re: [DG Scripts] bug in alias variable Daniel W. Burke on Mon, Jan 26, 1998 at 11:43:14AM +0000

From: Eric Green (thrytis@IMAXX.NET)
Date: 01/26/98


On Mon, Jan 26, 1998 at 11:43:14AM +0000, Daniel W. Burke wrote:
> The way I handled that when I implemented this script system some time ago
> (only made a few scripts, so it was largely unused until I wrote the olc for
> it recently), is to have %actor% be used for everything... %actor% by itself
> returns the memory pointer... i.e. me = (int) ch;  Then I made a new
> function that ran through the character list, and using type casting, looked
> for a memory match, and add a call to that function to all the get_char
> functions... (I ended up using this in other things, because it became
> pretty convenient, instead of searching the mud for pointers to a character
> when he/she gets extracted)...

Using the memory pointer in this way still isn't safe.  Although you do
prevent referencing memory which has been freed, you could be pointing
to a totally different character if that space has been reassigned
to a new character.  For example:

  Bob enters the game (Bob's char_data is created at 0x0000F000).
  Bob pokes mob with script, which sets %actor% to 0x0000F000.
  Bob rents (memory at 0x0000F000 is freed).
  Joe enters the game (Joe's char_data is created at 0x0000F000).
  Mob with script (after a delay) starts tracking %actor%, which is now
    Joe.

Reusing the memory does occur a fair bit.  It is difficult for players to
exploit, but it will result in some hard to track down bugs.  Pointers
are only guaranteed to be unique for a moment in time, not for the duration
of the mud.

Eric


     +------------------------------------------------------------+
     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
     +------------------------------------------------------------+
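The Bob/Joe timeline from Eric's reply, as an added C example that is not code from the thread or from CircleMUD/DG Scripts. It models the scheme in the quoted post (store the pointer value in %actor%, validate it by walking the character list for a pointer match) next to the usual fix: a per-process unique id stored in each char_data and looked up by value. The struct, the slab allocator (which hands a freed slot straight back so the address reuse is deterministic rather than left to malloc), and the function names enter_game/extract_char/find_char_by_* are constructed for the demo and are not the MUD's own. The pointer is held in a uintptr_t rather than the `(int) ch` of the quoted post, since an int cannot hold a pointer on 64-bit builds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for char_data (assumption: the real struct is larger). */
struct char_data {
    char name[32];
    uint64_t uid;               /* assigned once at login, never reused this boot */
    struct char_data *next;     /* link in character_list */
};

/* Tiny slab so a freed slot is deterministically handed out again, which is
   what a real malloc does often enough to bite. Constructed for the demo. */
#define POOL_SLOTS 4
static struct char_data pool[POOL_SLOTS];
static int slot_in_use[POOL_SLOTS];
static struct char_data *character_list;
static uint64_t next_uid;

static void reset_world(void)
{
    memset(pool, 0, sizeof pool);
    memset(slot_in_use, 0, sizeof slot_in_use);
    character_list = NULL;
    next_uid = 1;
}

/* "Bob enters the game": take the lowest free slot, give it a fresh uid, link it. */
static struct char_data *enter_game(const char *name)
{
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (!slot_in_use[i]) {
            struct char_data *ch = &pool[i];
            slot_in_use[i] = 1;
            snprintf(ch->name, sizeof ch->name, "%s", name);
            ch->uid = next_uid++;
            ch->next = character_list;
            character_list = ch;
            return ch;
        }
    }
    return NULL;
}

/* "Bob rents": unlink and free the slot. Its address will be reused. */
static void extract_char(struct char_data *ch)
{
    struct char_data **pp = &character_list;
    while (*pp && *pp != ch)
        pp = &(*pp)->next;
    if (*pp)
        *pp = ch->next;
    slot_in_use[ch - pool] = 0;
    memset(ch, 0, sizeof *ch);
}

/* Scheme from the quoted post: %actor% holds the pointer value and the lookup
   walks character_list for an equal pointer. Rejects freed memory, but not
   memory that has since been handed to somebody else. */
static struct char_data *find_char_by_pointer(uintptr_t stored)
{
    for (struct char_data *ch = character_list; ch; ch = ch->next)
        if ((uintptr_t)ch == stored)
            return ch;
    return NULL;
}

/* Safer scheme: %actor% holds a uid that is unique for the life of the process,
   so a stale value can only ever resolve to nobody. */
static struct char_data *find_char_by_uid(uint64_t uid)
{
    for (struct char_data *ch = character_list; ch; ch = ch->next)
        if (ch->uid == uid)
            return ch;
    return NULL;
}

/* Eric's timeline with %actor% stored as a pointer. Returns the name the
   delayed script would act on, or "" if the lookup correctly found nobody. */
const char *actor_via_pointer(void)
{
    reset_world();
    struct char_data *bob = enter_game("Bob");
    uintptr_t actor = (uintptr_t)bob;   /* Bob pokes the mob; script sets %actor% */
    extract_char(bob);                  /* Bob rents; his slot is freed */
    enter_game("Joe");                  /* Joe lands in Bob's old slot */
    struct char_data *target = find_char_by_pointer(actor);
    return target ? target->name : "";  /* -> "Joe": the script tracks the wrong player */
}

/* Same timeline with %actor% stored as a uid. */
const char *actor_via_uid(void)
{
    reset_world();
    struct char_data *bob = enter_game("Bob");
    uint64_t actor = bob->uid;
    extract_char(bob);
    enter_game("Joe");
    struct char_data *target = find_char_by_uid(actor);
    return target ? target->name : "";  /* -> "": Bob is gone, script does nothing */
}

int main(void)
{
    printf("pointer lookup resolves %%actor%% to: \"%s\"\n", actor_via_pointer());
    printf("uid lookup resolves %%actor%% to:     \"%s\"\n", actor_via_uid());
    return 0;
}
```

The uid counter only needs to be unique for one boot of the process, which is exactly the lifetime of a script variable; a 64-bit counter will not wrap in practice. If the id must survive a reboot or a copyover, derive it from something persistent (for example the player's id number combined with a login counter) rather than from the pointer.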



This archive was generated by hypermail 2b30 : 12/15/00 PST