SA-MP Forums Archive
amx_Allot() returns success when it shouldn't - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP (https://sampforum.blast.hk/forumdisplay.php?fid=3)
+--- Forum: Bug Reports (https://sampforum.blast.hk/forumdisplay.php?fid=20)
+--- Thread: amx_Allot() returns success when it shouldn't (/showthread.php?tid=489120)



amx_Allot() returns success when it shouldn't - xeeZ - 20.01.2014

There's a bug in amx_Allot() where it checks whether there's enough space on the heap:

Code:
if (amx->stk - amx->hea - cells*sizeof(cell) < STKMARGIN)
  return AMX_ERR_MEMORY;
The expression on the left is always positive because of the conversion to size_t (which is unsigned). It can be fixed by replacing the first line with:

Code:
if ((size_t)amx->stk < (size_t)(amx->hea + cells*sizeof(cell) + STKMARGIN))
This also affects amx_PushString() and amx_PushArray() as they use this function internally.


Re: amx_Allot() returns success when it shouldn't - ][Noname][ - 20.01.2014

How does it affect plugins? The streamer?


Re: amx_Allot() returns success when it shouldn't - xeeZ - 21.01.2014

Quote:
Originally Posted by SPAWN_METAL
How does it affect plugins? The streamer?
Streamer is OK as it doesn't use these functions. GDK 3.3+ based plugins are fine too as I fixed this internally. Can't say about other plugins, the ones that pass strings or arrays to callbacks are probably affected by this.

Even the server itself can suffer from it - I saw at least one crash report related to this bug. It's pretty easy to trigger:

pawn Code:
#include <a_http>
#include <a_samp>

forward MyHttpResponse(index, response_code, data[]);

main() {
    HTTP(1, HTTP_GET, "www.******.com/search?q=atata", "", "MyHttpResponse");
}

public MyHttpResponse(index, response_code, data[]) {
    printf("Response was %d", response_code);
}
The page is clearly bigger than 4 KB, so amx_PushString() will try to write past the top of the stack because it'll think it's OK as amx_Allot() returned no error, which would obviously result in a bad memory access.
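The signed/unsigned wrap described in the first post, and the way a large amx_PushString() slips past it as described here, as an added C example (this is not code from the SA-MP server or from the thread). The two-field AMX struct, the error-code values and the 4 KB heap/stack layout are constructed mocks; STKMARGIN uses the same definition as amx.c, and the per-cell string sizing is the unpacked case.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the AMX fields the check touches (a constructed mock, not the
 * real struct tagAMX). stk and hea are signed cells, as in amx.h. */
typedef int32_t cell;
typedef struct { cell stk; cell hea; } amx_mock_t;

/* Error code names as in amx.h; the numeric values are constructed for this demo. */
enum { AMX_ERR_NONE = 0, AMX_ERR_MEMORY = 16 };

/* Same definition as amx.c: 16 cells of headroom kept between heap and stack. */
#define STKMARGIN ((cell)(16 * sizeof(cell)))

/* The check as the thread quotes it. `amx->stk - amx->hea` is a signed cell,
 * but subtracting the size_t `cells*sizeof(cell)` converts the whole left side
 * to size_t, so a negative result (not enough room) wraps to a huge unsigned
 * value that is never below STKMARGIN and the request is wrongly accepted. */
int allot_buggy(const amx_mock_t *amx, int cells) {
    if (amx->stk - amx->hea - cells * sizeof(cell) < STKMARGIN)
        return AMX_ERR_MEMORY;
    return AMX_ERR_NONE;
}

/* The replacement line from the first post: both sides are unsigned and are
 * built by addition only, so nothing can go negative and wrap. */
int allot_fixed(const amx_mock_t *amx, int cells) {
    if ((size_t)amx->stk < (size_t)(amx->hea + cells * sizeof(cell) + STKMARGIN))
        return AMX_ERR_MEMORY;
    return AMX_ERR_NONE;
}

/* Cells an unpacked string occupies: one per character plus the terminator.
 * This is the amount amx_PushString() has to allot for such a string. */
int unpacked_string_cells(const char *s) {
    return (int)strlen(s) + 1;
}

static const char *verdict(int err) {
    return err == AMX_ERR_NONE ? "accepted" : "AMX_ERR_MEMORY";
}

int main(void) {
    /* Constructed layout: heap top at byte 4096, stack pointer at byte 8192,
     * i.e. exactly 4 KB (1024 cells) free between them. */
    amx_mock_t amx = { 8192, 4096 };

    /* A constructed 4200-byte response body, larger than the free 4 KB. */
    static char body[4201];
    memset(body, 'a', sizeof(body) - 1);
    body[sizeof(body) - 1] = '\0';

    int requests[] = { 1000, 1010, unpacked_string_cells(body) };
    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        int n = requests[i];
        printf("allot %4d cells (%5d bytes free): buggy=%s fixed=%s\n",
               n, amx.stk - amx.hea,
               verdict(allot_buggy(&amx, n)), verdict(allot_fixed(&amx, n)));
    }
    return 0;
}
```

With 1000 cells both checks agree (96 bytes left, above the margin) and with 1010 cells both refuse (only 56 bytes left); only for the 4201-cell string does the buggy check say "accepted", which is exactly the case in which amx_PushString() would then copy past the stack pointer.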


Re: amx_Allot() returns success when it shouldn't - xeeZ - 13.02.2014

Why wasn't this fixed in 0.3z?


Re: amx_Allot() returns success when it shouldn't - Reboma - 13.02.2014

Quote:
Originally Posted by xeeZ
Why wasn't this fixed in 0.3z?
Oh, so that was the reason why my server crashed sometimes with the crashdetect natives...
I think we have to wait a year again for the next SA:MP release :/


Re: amx_Allot() returns success when it shouldn't - xeeZ - 14.02.2014

I guess it's the same story as with CallLocal/RemoteFunction - the empty string bug has been there for ages, but Kalcor doesn't seem to care. Perhaps he would argue that it's a feature rather than a bug.


Re: amx_Allot() returns success when it shouldn't - Jachu - 14.02.2014

Since everything is working for everyone I would not expect any fix for that, but well done for finding it.


Re: amx_Allot() returns success when it shouldn't - Kar - 09.03.2015

Can we please see something done about this in 0.3.7?