URGENT: mass player crash vulnerability
#1

For a few days now, players have been crashing immediately on stream-in of a specific player; potentially all players in a server could be crashed. Luckily, he only manages to crash a few hundred every 'round'.
Crash report below.

We were able to trace the player because he triggered a vehicle switching flood warning (another crash vulnerability, successfully blocked by our server script).

The player had ID 151 at the time of the crash (see crash report). We verified it's him by manually teleporting to his location, causing an instant crash every time.

SA-MP 0.3c-R3
Exception At Address: 0x005E623E

Registers:
EAX: 0x00B7D0BC EBX: 0xE40006E4 ECX: 0x08C4FC9C EDX: 0x005E6280
ESI: 0x08C4FC9C EDI: 0x000000B3 EBP: 0x0022FBD8 ESP: 0x0022FBB4
EFLAGS: 0x00010202

Stack:
+0000: 0x08C4FC9C 0x000000B3 0x005E629D 0xFF00003F
+0010: 0x08C4FC9C 0x04194ACC 0x000000B3 0x0C304998
+0020: 0x08C4FC9C 0x0C299170 0x0410E19D 0x000000B3
+0030: 0x00000001 0x0000001C 0x0C304998 0x765A82E1
+0040: 0x041103BB 0x0C2928E8 0x0C28C6E0 0x041082BB
+0050: 0x00000000 0x0C28C6E0 0x6322FC34 0x6F770097
+0060: 0xB3B30091 0x00000082 0x00000000 0x43E1D49E
+0070: 0xC4E202D6 0x4284AD71 0x000000D8 0x000000D8
+0080: 0x000000D8 0x0C2E9EB8 0x0526AB00 0x0526AD50
+0090: 0x00000000 0x016EE6C0 0x0022FC64 0x0022FC5C
+00A0: 0x6F87EBD6 0x0022FC74 0x0022FC8C 0x6F77A455
+00B0: 0x075C0040 0x0022FC74 0x051FAD60 0x051FD60C
+00C0: 0x00000004 0x00001853 0x00000000 0x000002D0
+00D0: 0x00001F20 0x00000168 0x0022FCEC 0x6F77A3A3
+00E0: 0x051FAD60 0x00000004 0x00001853 0x00000000
+00F0: 0x00000000 0x051FAD60 0x00000000 0x0022FCD0
+0100: 0x6F776BAA 0x051FAD60 0x00000000 0x00000000
+0110: 0x00000000 0x00000000 0x00000000 0x765A82E1
+0120: 0x04165A7B 0x0526AD50 0x00000001 0x0022FD00
+0130: 0x6F78A7CC 0x0000001C 0x00000001 0x0526AB20
+0140: 0x0022FD00 0x6F87E40B 0x00000002 0x0022FD24
+0150: 0x6F773EB9 0x043007F9 0x00000202 0x7749A880
+0160: 0x765A8200 0x765A82E1 0x0000001A 0x0C28C6E0
+0170: 0x765A82E1 0x0022FD3C 0x77764D70 0x7749A894
+0180: 0x0022FD58 0x0022FD3C 0x017D7840 0x0022FF78
+0190: 0x041B71FB 0x00000000 0x041095D7 0x0C2928E8
+01A0: 0x00000000 0x0000001A 0x0C28C6E0 0x04332924
+01B0: 0x00000001 0x04346574 0x0419DAD9 0x0000001A
+01C0: 0x00000001 0x765A82E1 0x0022FD90 0x00000000
+01D0: 0x00000000 0x00B6F028 0x00000000 0x0000001A
+01E0: 0x00000001 0x00000000 0x0053EB17 0x43C80000
+01F0: 0x43960000 0x0053ECC2 0x00000001 0x00619B71
+0200: 0x0000001A 0x00000001 0x00000001 0x0000000A
+0210: 0x00748DF0 0x0000001A 0x00000001 0x774994C5
+0220: 0x00000000 0x0022FF88 0x7FFDF000 0x01700000
+0230: 0x424DCFD5 0x017010E8 0x00000008 0x00000100
+0240: 0x00000008 0x00000102 0x43C80000 0x43960000
+0250: 0x00000000 0x00000000 0x00000320 0x00000258
+0260: 0x00000000 0x000061A8 0x0011014C 0x00000200
+0270: 0x00000000 0x013201AC 0x0283B3C1 0x000001AC

SCM Op: 0x470, lDbg: 0

Game Version: EU 1.0

State Information: Ped Context: 2
P0 (0,0) P1 (0,0) P2 (0,0) P3 (45,0)
P4 (0,0) P5 (0,0) P6 (0,0) P7 (45,0)
P8 (45,0) P9 (0,0) P10 (0,0) P12 (0,0) P13 (0,0) P14 (0,0) P15 (0,0)
P16 (0,0) P17 (0,0) P18 (0,0) P19 (45,0)
P20 (0,0) P21 (0,0) P22 (0,0) P23 (0,0)
P24 (0,0) P25 (0,0) P26 (0,0) P27 (0,0)
P28 (45,0) P29 (0,0) P30 (0,0) P31 (45,0)
P32 (45,0) P33 (0,0) P34 (0,0) P35 (0,0)
P36 (0,0) P37 (0,0) P38 (0,0) P39 (0,0)
P40 (0,0) P41 (0,0) P42 (0,0) P43 (0,0)
P44 (0,0) P45 (0,0) P46 (45,0) P47 (45,0)
P48 (0,0) P49 (0,0) P50 (45,0) P51 (0,0)
P52 (0,0) P53 (0,0) P54 (0,0) P55 (45,0)
P56 (0,0) P57 (0,0) P58 (0,0) P59 (0,0)
P60 (0,0) P61 (0,0) P62 (45,0) P63 (0,0)
P64 (0,0) P65 (0,0) P66 (45,0) P67 (0,0)
P68 (0,0) P69 (0,0) P70 (0,0) P71 (45,0)
P72 (45,0) P73 (45,0) P74 (0,0) P75 (45,0)
P76 (0,0) P77 (0,0) P78 (0,0) P79 (0,0)
P80 (0,0) P81 (45,0) P82 (0,0) P83 (0,0)
P84 (45,0) P85 (0,0) P86 (0,0) P87 (45,0)
P88 (45,0) P89 (45,0) P90 (0,0) P91 (0,0)
P92 (0,0) P93 (0,0) P94 (0,0) P95 (0,0)
P96 (45,0) P97 (45,0) P98 (0,0) P99 (0,0)
P100 (45,0) P101 (45,0) P102 (0,0) P103 (0,0)
P104 (0,0) P105 (45,0) P106 (45,0) P107 (0,0)
P108 (0,0) P109 (45,0) P110 (0,0) P111 (0,0)
P112 (45,0) P113 (45,0) P114 (0,0) P115 (0,0)
P116 (0,0) P117 (45,0) P118 (0,0) P119 (45,0)
P121 (0,0) P122 (45,0) P123 (0,0)
P124 (0,0) P125 (0,0) P126 (0,0) P127 (0,0)
P128 (0,0) P129 (0,0) P130 (0,0) P131 (0,0)
P132 (0,0) P133 (0,0) P134 (0,0) P135 (0,0)
P136 (45,0) P137 (0,0) P138 (45,0) P139 (0,0)
P140 (0,0) P141 (0,0) P142 (0,0) P143 (0,0)
P144 (45,0) P145 (0,0) P146 (0,0) P147 (0,0)
P148 (0,0) P149 (0,0) P150 (45,0) P151 (156,145)
P152 (0,0) P153 (0,0) P154 (0,0) P155 (0,0)
P156 (45,0) P157 (0,0) P158 (0,0) P159 (0,0)
P160 (45,0) P161 (0,0) P162 (0,0) P163 (0,0)
P164 (0,0) P165 (45,0) P166 (0,0) P167 (0,0)
P168 (0,0) P169 (0,0) P170 (0,0) P171 (45,0)
P172 (0,0) P173 (0,0) P174 (0,0) P175 (0,0)
P176 (45,0) P177 (45,0) P178 (0,0) P179 (0,0)
P180 (0,0) P181 (0,0) P182 (45,0) P183 (0,0)
P184 (0,0) P185 (0,0) P186 (0,0) P187 (0,0)
P188 (0,0) P189 (0,0) P190 (0,0) P191 (0,0)
P192 (0,0) P193 (0,0) P194 (0,0) P195 (0,0)
P196 (45,0) P197 (45,0) P198 (45,0) P199 (0,0)
P200 (0,0) P201 (0,0) P202 (0,0) P203 (0,0)
P204 (0,0) P205 (0,0) P206 (0,0) P207 (0,0)
P208 (0,0) P209 (0,0) P210 (0,0) P211 (0,0)
P212 (0,0) P213 (0,0) P214 (45,0) P215 (0,0)
P216 (0,0) P217 (0,0) P218 (0,0) P219 (0,0)
P220 (0,0) P221 (0,0) P222 (0,0) P223 (0,0)
P224 (45,0) P225 (0,0) P226 (0,0) P227 (0,0)
P228 (0,0) P229 (0,0) P230 (0,0) P231 (0,0)
P232 (0,0) P233 (0,0) P234 (0,0) P235 (0,0)
P236 (0,0) P237 (45,0) P238 (0,0) P239 (0,0)
P240 (0,0) P241 (0,0) P242 (45,0) P243 (0,0)
P244 (0,0) P245 (0,0) P246 (45,0) P247 (0,0)
P248 (0,0) P249 (0,0) P250 (0,0) P251 (0,0)
P252 (0,0) P253 (0,0) P254 (0,0) P256 (0,0) P257 (45,0) P258 (0,0) P259 (0,0)
P260 (0,0) P261 (0,0) P262 (0,0) P263 (45,0)
P264 (0,0) P265 (0,0) P266 (0,0) P267 (0,0)
P268 (0,0) P271 (0,0)
P272 (45,0) P277 (0,0) P278 (0,0) P282 (45,0) P283 (0,0)
P287 (0,0)
P289 (0,0) P290 (0,0) P291 (0,0)
P292 (0,0) P293 (0,0) P295 (0,0)
P296 (0,0) P300 (0,0) P301 (0,0) P304 (45,0) P306 (0,0) P311 (0,0)
P312 (45,0) P313 (0,0) P318 (0,0) P319 (0,0)
P320 (0,0) P324 (0,0) P325 (0,0) P326 (0,0) P327 (0,0)
P328 (45,0) P329 (45,0) P331 (0,0)
P341 (0,0) P342 (0,0) P345 (45,0) P350 (0,0) P352 (0,0) P354 (0,0) P356 (45,0) P360 (0,0) P363 (0,0)
P371 (0,0)
P372 (45,0) P379 (0,0)
P380 (0,0) P406 (0,0) P407 (0,0)
P409 (45,0) P419 (0,0)
P443 (0,0)
P455 (0,0)
P461 (0,0) P467 (0,0)
Reply
#2

I don't like those "URGENT" topics by people who think they or their servers are more important than others...

However, ban him, or try to return 0 in OnPlayerUpdate for him to prevent them from streaming in.
I don't think you can do much about it scriptwise, probably just with a new SA-MP version to fix this exploit, but 0.3d just came out, so URGENT won't help here, you'll need some patience.
Reply
#3

Check the player's weapon ID in OnPlayerUpdate and make sure they can't use any invalid weapons or weapons that aren't available on your server.

I'm pretty sure this problem couldn't occur on 0.3d.
Reply
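As an added example, not code posted in this thread, here is a Pawn gamemode fragment that combines the two suggestions above: validate the weapon ID in OnPlayerUpdate (#3) and return 0 from that callback so the offending update is not broadcast to players who have him streamed in (#2). It assumes the standard SA-MP weapon ID range (0 to 18 and 22 to 46; 19 to 21 are unused slots), the a_samp natives GetPlayerWeapon, ResetPlayerWeapons, GetPlayerName and Kick, and a strike threshold of three, which is a constructed value you would tune for your server.

```pawn
#include <a_samp>

// Added example (not from the thread). Reject player updates that carry a
// weapon ID outside the set SA-MP defines, and drop the update so the
// malformed state is not synced to other players.
// Assumption: the server uses no weapons beyond the standard list.

#define MAX_INVALID_WEAPON_STRIKES 3   // constructed threshold, tune per server

new g_InvalidWeaponStrikes[MAX_PLAYERS];

// Valid SA-MP weapon IDs are 0-18 and 22-46; 19, 20 and 21 are unused.
stock bool:IsValidWeaponId(weaponid)
{
    if (weaponid < 0 || weaponid > 46) return false;
    if (weaponid >= 19 && weaponid <= 21) return false;
    return true;
}

public OnPlayerConnect(playerid)
{
    g_InvalidWeaponStrikes[playerid] = 0;
    return 1;
}

public OnPlayerUpdate(playerid)
{
    new weaponid = GetPlayerWeapon(playerid);
    if (!IsValidWeaponId(weaponid))
    {
        // Clear the player's weapons so the next update carries a sane ID.
        ResetPlayerWeapons(playerid);

        if (++g_InvalidWeaponStrikes[playerid] >= MAX_INVALID_WEAPON_STRIKES)
        {
            new name[MAX_PLAYER_NAME], msg[128];
            GetPlayerName(playerid, name, sizeof(name));
            format(msg, sizeof(msg),
                "[anticrash] kicked %s (ID %d): invalid weapon ID %d",
                name, playerid, weaponid);
            print(msg);
            Kick(playerid);
        }

        // Returning 0 stops this update from being sent to other players,
        // which is what post #2 proposes for the offending player.
        return 0;
    }
    return 1;
}
```

Returning 0 for every update of a flagged player also prevents him from streaming in at all, so if you would rather not kick, keep a per-player flag and return 0 unconditionally once it is set; logging the name, ID and weapon ID gives you the evidence to match against crash reports like the one in #1.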