[leong124]

Today my server was crashed by a player who seemed to be sending null commands to the server when they connect my server. Crashdetector reports that there was invalid memory access:

Code:

[2012-12-22 17:15:45] [join] ********* has joined the server (0:***.***.***.***)
[2012-12-22 17:15:47] [debug] Run time error 5: "Invalid memory access"
[2012-12-22 17:15:47] [debug] AMX backtrace:
[2012-12-22 17:15:48] [debug] #0 00000288 in public OnPlayerCommandText (playerid=0, cmdtext[]=@0x0006f098 "") at D:\Program Files (x86)\Rockstar Games\GTA San Andreas\pawno\include\zcmd.inc:92
[2012-12-22 17:15:48] [debug] Run time error 5: "Invalid memory access"
[2012-12-22 17:15:48] [debug] AMX backtrace:
[2012-12-22 17:15:48] [debug] #0 00000378 in public OnPlayerCommandText (playerid=0, cmdtext[]=@0x00061f38 "") at D:\Program Files (x86)\Rockstar Games\GTA San Andreas\pawno\include\zcmd.inc:92
[2012-12-22 17:15:48] [debug] Server crashed while executing scfri.amx
[2012-12-22 17:15:48] [debug] AMX backtrace:
[2012-12-22 17:15:48] [debug] #0 native CallLocalFunction () [00472c00] from samp-server.exe
[2012-12-22 17:15:48] [debug] #1 0000298c in public OnPlayerCommandText (playerid=0, cmdtext[]=@0x003f2e88 "") at D:\Program Files (x86)\Rockstar Games\GTA San Andreas\pawno\include\zcmd.inc:87
[2012-12-22 17:15:48] [debug] System backtrace:
[2012-12-22 17:15:48] [debug] #0 004010b6 in ?? () from D:\Program Files\samp_server\samp-server.exe
[2012-12-22 17:15:48] [debug] #1 00d73c32 in ?? () from D:\Program Files\samp_server\plugins\crashdetect.dll
[2012-12-22 17:15:48] [debug] #2 00d76076 in ?? () from D:\Program Files\samp_server\plugins\crashdetect.dll
[2012-12-22 17:15:48] [debug] #3 00d6c05a in ?? () from D:\Program Files\samp_server\plugins\crashdetect.dll
[2012-12-22 17:15:48] [debug] #4 00d73c5e in ?? () from D:\Program Files\samp_server\plugins\crashdetect.dll
[2012-12-22 17:15:48] [debug] #5 0046d9d0 in ?? () from D:\Program Files\samp_server\samp-server.exe

zcmd:

pawn Code:

public OnPlayerCommandText(playerid, cmdtext[])
{
    state zcmd:y;
    if (zcmd_g_HasOPCS && !CallLocalFunction("OnPlayerCommandReceived","ds",playerid, cmdtext)) return 1;//line 87
    new
        pos = 1,
        funcname[MAX_FUNC_NAME] = "cmd_",
        funcname2[MAX_FUNC_NAME] = "";
    while (pos <= MAX_FUNC_NAME && cmdtext[pos] > ' ') //line 92, I don't know why it crashes here
    {       
        funcname2[pos-1] = tolower(cmdtext[pos]); 
        pos++;
    }
    strcat(funcname, funcname2);
    #if defined FILTERSCRIPT
    if(!zcmd_g_HasOPCS && funcidx(funcname) != -1 && !CallRemoteFunction("OnPlayerCommandReceived", "is", playerid, cmdtext)) return 1;
    #endif
    while (cmdtext[pos] == ' ') pos++;
    if (!cmdtext[pos]) 
    {
        if (zcmd_g_HasOPCE) return zcmd_OnPlayerCommandPerformed(playerid, cmdtext, CallLocalFunction(funcname, "is", playerid, "\1"));
        return CallLocalFunction(funcname, "is", playerid, "\1");
    }   
    if (zcmd_g_HasOPCE) return zcmd_OnPlayerCommandPerformed(playerid, cmdtext, CallLocalFunction(funcname, "is", playerid, cmdtext[pos]));
    return CallLocalFunction(funcname, "is", playerid, cmdtext[pos]);
}

I compiled everything with debug labels but crashdetect still outputs the memory address only.

I'm not reporting about zcmd here. I want to ask why can players send an empty command to the server? I guess it is a vulnerability of the server.