Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CRASH in version 1.4.1 #46

Open
RodrigoMSR opened this issue Feb 21, 2021 · 11 comments
Open

CRASH in version 1.4.1 #46

RodrigoMSR opened this issue Feb 21, 2021 · 11 comments
Labels
windows only

Comments

@RodrigoMSR
Copy link

RodrigoMSR commented Feb 21, 2021
edited
Loading

Hello,

I was using version 1.3.0 of the plugin, and I have never had a server crash problem for years. However, when I upgraded to version 1.4.1, crashes started happening randomly, once every 1-3 days.

server_log.txt:

[21/02/2021 03:32:47] [debug] Server crashed due to an unknown error
[21/02/2021 03:32:47] [debug] Native backtrace:
[21/02/2021 03:32:47] [debug] #0 f7a4de8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #1 f7a46bcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #2 f7a47dbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #3 f7a48226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #4 f7a4dadc in ?? () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #5 f7f26090 in __kernel_rt_sigreturn () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #6 f7f26069 in __kernel_vsyscall () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #7 f7aa0382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #8 f7a8a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #9 f7de1ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #10 f7de9094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #11 f7de90fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #12 f7de93fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #13 f6330371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #14 f633e344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #15 080aed6d in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #16 080aef32 in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #17 080aa16a in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #18 f7a8bb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #19 0804b4e1 in ?? () from ./samp03svr
@RodrigoMSR
Copy link
Author

RodrigoMSR commented Feb 21, 2021
edited
Loading

I did some tests and I think the reason for this crash is when I rewrite a sync packet exceeding the original length. I managed to reproduce the same errors in the log.

I use BS_SetWriteOffset with 280 bits to change only health / armor in the onfoot sync. Some player probably sent an invalid packet (smaller than expected), so I would be writing to a part of the packet that doesn't exist.

It also occurs with BS_WriteOnFootSync, BS_WriteInCarSync, etc.

@katursis
Copy link
Owner

Attach full server_log.txt and example.pwn (to reproduce the error), please.

@katursis
Copy link
Owner

I guess you need to delete "BS_SetWriteOffset(bs, 0)" or "BS_ResetWritePointer(bs)" calls (if existing).

@RodrigoMSR
Copy link
Author

RodrigoMSR commented Feb 22, 2021
edited
Loading

I don't know how to simulate an invalid packet, so I tested it this way:

public OnIncomingPacket(playerid, packetid, BitStream:bs)
{
	if(packetid == 207) //PLAYER_SYNC
	{
		BS_SetWriteOffset(bs, 552);
		
		BS_WriteValue(
			bs,
			PR_UINT8, 0 //exceeding the total bits of the onfoot sync (552)
		);
		
		printf("this prints before the crash");
	}
	return 1;
}

This will crash the server.

Edit: this code, without BS_ResetWritePointer, crashes in Windows, but not on Linux. Deleting BS_ResetWritePointer really prevents crash on Linux. I'm using BS_ResetWritePointer in my code, but what I did to fix it was to check the size of the packet before writing it.

server_log.txt (Linux):

[22/02/2021 18:58:52] [debug] Server crashed due to an unknown error
[22/02/2021 18:58:52] [debug] Native backtrace:
[22/02/2021 18:58:52] [debug] #0 f7af1e8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #1 f7aeabcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #2 f7aebdbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #3 f7aec226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #4 f7af1adc in ?? () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #5 f7fca090 in __kernel_rt_sigreturn () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #6 f7fca069 in __kernel_vsyscall () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #7 f7b44382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #8 f7b2e2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #9 f7e85ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #10 f7e8d094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #11 f7e8d0fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #12 f7e8d3fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #13 f02f9371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #14 f0307344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #15 080aed6d in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #16 080aef32 in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #17 080aa16a in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #18 f7b2fb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #19 0804b4e1 in ?? () from ./samp03svr

@katursis
Copy link
Owner

  1. I need full server_log.txt, not just crashlog.
  2. Why are you using BS_ResetWritePointer? Show by example how.

@RodrigoMSR
Copy link
Author

  1. Ok, but the full server_log is 80MB, so I cut out a lot of it.

----------
Loaded log file: "server_log.txt".
----------

SA-MP Dedicated Server
----------------------
v0.3.7-R3, (C)2005-2019 SA-MP Team

[20/02/2021 05:00:07] 
[20/02/2021 05:00:07] Server Plugins
[20/02/2021 05:00:07] --------------
[20/02/2021 05:00:07]  Loading plugin: crashdetect.so
[20/02/2021 05:00:07]   CrashDetect v4.15.1 is OK.
[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loading plugin: streamer.so
[20/02/2021 05:00:07] 

*** Streamer Plugin v2.9.4 by Incognito loaded ***

[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loading plugin: sscanf.so
[20/02/2021 05:00:07] 

[20/02/2021 05:00:07]  ===============================

[20/02/2021 05:00:07]       sscanf plugin loaded.     

[20/02/2021 05:00:07]          Version:  2.8.3        

[20/02/2021 05:00:07]   (c) 2018 Alex "Y_Less" Cole  

[20/02/2021 05:00:07]  ===============================

[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loading plugin: mysql.so
[20/02/2021 05:00:07]  >> plugin.mysql: R41-4 successfully loaded.
[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loading plugin: filemanager.so
[20/02/2021 05:00:07] ******************
[20/02/2021 05:00:07] ** FILE MANAGER **
[20/02/2021 05:00:07] **    Loaded    **
[20/02/2021 05:00:07] ** Version 1.5 **
[20/02/2021 05:00:07] ******************
[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loading plugin: pawnraknet.so
[20/02/2021 05:00:07] [Pawn.RakNet] 

    | Pawn.RakNet 1.4.1 | 2016 - 2020
    |--------------------------------
    | Author and maintainer: urShadow


    | Compiled: Jun 18 2020 at 11:28:17
    |--------------------------------------------------------------
    | Forum thread: https://forum.sa-mp.com/showthread.php?t=640306
    |--------------------------------------------------------------
    | Repository: https://github.com/urShadow/Pawn.RakNet
    |--------------------------------------------------------------
    | Wiki: https://github.com/urShadow/Pawn.RakNet/wiki

[20/02/2021 05:00:07]   Loaded.
[20/02/2021 05:00:07]  Loaded 6 plugins.

[20/02/2021 05:00:07] 
[20/02/2021 05:00:07] Ban list
[20/02/2021 05:00:07] --------
[20/02/2021 05:00:07]  Loaded: samp.ban
[20/02/2021 05:00:07] 
[20/02/2021 05:00:07] 
[20/02/2021 05:00:07] Filterscripts
[20/02/2021 05:00:07] ---------------
[20/02/2021 05:00:07]   Loading filterscript 'anticheat.amx'...
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  ======================================= 
[20/02/2021 05:00:07]  |                                     | 
[20/02/2021 05:00:07]  |        YSI version 4.00.0001        | 
[20/02/2021 05:00:07]  |        By Alex "Y_Less" Cole        | 
[20/02/2021 05:00:07]  |                                     | 
[20/02/2021 05:00:07]  ======================================= 
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07] --- Anticheat v2.0 loaded successfully!
[20/02/2021 05:00:07]   Loading filterscript 'objects.amx'...
[20/02/2021 05:00:07]   Loading filterscript 'bases.amx'...
[20/02/2021 05:00:07]   Loading filterscript 'rcon_cmds.amx'...
[20/02/2021 05:00:07]   Loading filterscript 'HGps.amx'...
[20/02/2021 05:00:07]   Loading filterscript 'Ints.amx'...
[20/02/2021 05:00:07]   Loading filterscript 'mapfix.amx'...
[20/02/2021 05:00:07]   MapFix by Nexius v3.9.4 loaded (filterscript version).
[20/02/2021 05:00:07]   Loading filterscript 'is_android.amx'...
[20/02/2021 05:00:07]   Loaded 8 filterscripts.

[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  
[20/02/2021 05:00:07]  ======================================= 
[20/02/2021 05:00:07]  |                                     | 
[20/02/2021 05:00:07]  |        YSI version 4.00.0001        | 
[20/02/2021 05:00:07]  |        By Alex "Y_Less" Cole        | 
[20/02/2021 05:00:07]  |                                     | 
[20/02/2021 05:00:07]  ======================================= 
[20/02/2021 05:00:07]  
[20/02/2021 05:00:12] Warning: Minimum time between new connections (300) exceeded for 187.61.119.92:7576. Ignoring the request.
[20/02/2021 05:00:12] Warning: Minimum time between new connections (300) exceeded for 177.125.122.167:22723. Ignoring the request.
[20/02/2021 05:00:13] Warning: Minimum time between new connections (300) exceeded for 177.47.71.44:26625. Ignoring the request.
[20/02/2021 05:00:13] Warning: Minimum time between new connections (300) exceeded for 179.222.46.20:57547. Ignoring the request.
[20/02/2021 05:00:14] Warning: Minimum time between new connections (300) exceeded for 177.47.71.44:26625. Ignoring the request.
[20/02/2021 05:00:14] Warning: Minimum time between new connections (300) exceeded for 177.21.84.27:51492. Ignoring the request.
[20/02/2021 05:00:15] Warning: Minimum time between new connections (300) exceeded for 200.161.50.76:51204. Ignoring the request.
[20/02/2021 05:00:15] Warning: Minimum time between new connections (300) exceeded for 186.226.162.231:44101. Ignoring the request.
[20/02/2021 05:00:16] Conexao ao banco de dados MySQL efetuada com sucesso
[20/02/2021 05:00:16] Warning: Minimum time between new connections (300) exceeded for 200.161.50.76:51204. Ignoring the request.
[20/02/2021 05:00:16] Warning: Minimum time between new connections (300) exceeded for 189.89.223.152:60775. Ignoring the request.
[20/02/2021 05:00:16] Loaded 17 ZvH maps
[20/02/2021 05:00:16] Loaded 8 Battle Royale maps
[20/02/2021 05:00:16] Derby: Loaded 59 DEFAULT maps
[20/02/2021 05:00:16] Derby: Loaded 26 DD maps
[20/02/2021 05:00:16] Derby: Loaded 25 CW maps
[20/02/2021 05:00:16] Loaded 21 Shooter maps
[20/02/2021 05:00:16] DM Race: Loaded 296 Easy DM maps
[20/02/2021 05:00:16] DM Race: Loaded 167 Race DM maps
[20/02/2021 05:00:16] DM Race: Loaded 21 Hard DM maps
[20/02/2021 05:00:17] Loaded 11 Fall maps
[20/02/2021 05:00:17] Loaded 70 A/D maps
[20/02/2021 05:00:17] 

[20/02/2021 05:00:17]   |-------------------------------------------------------
[20/02/2021 05:00:17]   |--- Multimode carregado com sucesso!
[20/02/2021 05:00:17]   |--  Server v4.5
[20/02/2021 05:00:17]   |--  (C) 2017 Stunts. Todos os direitos reservados
[20/02/2021 05:00:17]   |-------------------------------------------------------
[20/02/2021 05:00:17] 

[20/02/2021 05:00:17] Number of vehicle models: 123
[20/02/2021 05:00:17] [connection] incoming connection: 46.106.126.52:6379 id: 0
[20/02/2021 05:00:17] [join] Psoria has joined the server (0:46.106.126.52)
[20/02/2021 05:00:17] [connection] incoming connection: 36.74.43.59:25810 id: 1
[20/02/2021 05:00:17] [connection] incoming connection: 5.44.168.153:59716 id: 2
[20/02/2021 05:00:17] [join] Ragna has joined the server (1:36.74.43.59)
[20/02/2021 05:00:17] [connection] incoming connection: 187.61.119.92:7576 id: 3
[20/02/2021 05:00:17] [join] dontcrybaby. has joined the server (2:5.44.168.153)
[20/02/2021 05:00:17] [connection] incoming connection: 131.161.135.157:65523 id: 4
[20/02/2021 05:00:17] [join] XHardCbug has joined the server (3:187.61.119.92)
[20/02/2021 05:00:17] [connection] incoming connection: 107.182.231.206:52264 id: 5
[20/02/2021 05:00:17] [join] Paperback has joined the server (4:131.161.135.157)
[20/02/2021 05:00:17] [connection] incoming connection: 177.92.187.234:38584 id: 6
[20/02/2021 05:00:17] [join] Pedro.old has joined the server (5:107.182.231.206)
[20/02/2021 05:00:17] [connection] incoming connection: 179.222.46.20:57547 id: 7
[20/02/2021 05:00:17] [connection] incoming connection: 187.111.132.143:10641 id: 8


......................................


[21/02/2021 03:32:35] CMD: [ID:10] Rodrigo.old digitou '/sair'
[21/02/2021 03:32:35] CMD: [ID:6] [TF]AimBeacker digitou '/pc'
[21/02/2021 03:32:36] CMD: [ID:30] [PCC]Luiz.2906 digitou '/clans'
[21/02/2021 03:32:36] CMD: [ID:10] Rodrigo.old digitou '/clans'
[21/02/2021 03:32:38] CMD: [ID:48] [Girlz].Six digitou '/config'
[21/02/2021 03:32:39] CMD: [ID:24] Ryan_Lira digitou '/r meu cell tem isso, pqp q bglh chato vei'
[21/02/2021 03:32:39] CMD: [ID:22] MrThomasaum digitou '/convidarclan'
[21/02/2021 03:32:39] CMD: [ID:15] FelpsZ digitou '/v'
[21/02/2021 03:32:40] [death] [TF]AimBeacker died 255
[21/02/2021 03:32:40] CMD: [ID:20] [ARG]GHOST[SAO] digitou '/v'
[21/02/2021 03:32:41] [death] [SCS]Paperback died 255
[21/02/2021 03:32:41] CMD: [ID:16] Lucas_Gamer digitou '/DMRACE'
[21/02/2021 03:32:42] CMD: [ID:1] Scottinho.Us digitou '/VM RA'
[21/02/2021 03:32:42] CMD: [ID:10] Rodrigo.old digitou '/clans'
[21/02/2021 03:32:44] [connection] incoming connection: 179.51.164.143:6372 id: 23
[21/02/2021 03:32:44] CMD: [ID:6] [TF]AimBeacker digitou '/pc'
[21/02/2021 03:32:44] [death] xont.wy died 255
[21/02/2021 03:32:44] CMD: [ID:9] sonnyn_cj digitou '/colete'
[21/02/2021 03:32:45] CMD: [ID:14] Yago_SAMP digitou '/car sult'
[21/02/2021 03:32:45] CMD: [ID:41] [STT]Adrian digitou '/ban 12 Cheater'
[21/02/2021 03:32:45] [debug] samp launcher packet received
[21/02/2021 03:32:45] [join] GABRIEL_RT has joined the server (23:179.51.164.143)
[21/02/2021 03:32:45] CMD: [ID:3] kbk digitou '/HELP'
[21/02/2021 03:32:46] [part] Eaten_Bee has left the server (12:2)
[21/02/2021 03:32:46] CMD: [ID:30] [PCC]Luiz.2906 digitou '/aceitarclan'
[21/02/2021 03:32:47] [debug] Server crashed due to an unknown error
[21/02/2021 03:32:47] [debug] Native backtrace:
[21/02/2021 03:32:47] [debug] #0 f7a4de8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #1 f7a46bcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #2 f7a47dbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #3 f7a48226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #4 f7a4dadc in ?? () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #5 f7f26090 in __kernel_rt_sigreturn () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #6 f7f26069 in __kernel_vsyscall () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #7 f7aa0382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #8 f7a8a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #9 f7de1ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #10 f7de9094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #11 f7de90fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #12 f7de93fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #13 f6330371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #14 f633e344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #15 080aed6d in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #16 080aef32 in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #17 080aa16a in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #18 f7a8bb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #19 0804b4e1 in ?? () from ./samp03svr
  1. There is no reason for me to use BS_ResetWritePointer, I already removed it from my code.

My old code:

hook OnIncomingPacket(playerid, packetid, BitStream:bs)
{
	if(playerid == -1) return 1;
	
	switch(packetid)
	{
		case PLAYER_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			BS_SetReadOffset(bs, 8 + 16 + 16 + 16 + (3*32) + (4*32)); //UINT8, UINT16, UINT16, UINT16, PR_FLOAT3, PR_FLOAT4
			
			new health, armour;
			
			BS_ReadValue(
				bs,
				PR_UINT8, health
			);
			
			if(0 < health - s_Health[playerid] <= 35)
			{
				Damage_CheckVendMachine(playerid, float(health));
			}
			
			health = floatround(s_Health[playerid], floatround_floor);
			armour = floatround(s_Armour[playerid], floatround_floor);
			
			BS_SetWriteOffset(bs, 8 + 16 + 16 + 16 + (3*32) + (4*32));
			
			BS_WriteValue(
				bs,
				PR_UINT8, health,
				PR_UINT8, armour
			);
			
			BS_ResetReadPointer(bs);
			BS_ResetWritePointer(bs);
		}
		case VEHICLE_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			new inCarData[PR_InCarSync];
			
			BS_IgnoreBits(bs, 8);
			BS_ReadInCarSync(bs, inCarData);
			
			inCarData[PR_playerHealth] = floatround(s_Health[playerid], floatround_floor);
			inCarData[PR_armour] = floatround(s_Armour[playerid], floatround_floor);
			
			
			
			//----------------- Vehicle keys -----------------
			if(inCarData[PR_keys] & KEY_FIRE || inCarData[PR_keys] & KEY_ACTION)
			{
				new gm = GetGameMode(playerid), model = GetVehicleModel(inCarData[PR_vehicleId]);
				
				if((gm == GM_FREE && (model == 407 || model == 601)) || (gm == GM_CnR && (model == 425 || model == 520)))
				{
					inCarData[PR_keys] &= ~(KEY_FIRE | KEY_ACTION);
				}
			}
			//---------------------------------------------------
			
			
			
			BS_SetWriteOffset(bs, 8);
			BS_WriteInCarSync(bs, inCarData);
			
			BS_ResetReadPointer(bs);
			BS_ResetWritePointer(bs);
		}
		case PASSENGER_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			new health, armour;
			
			health = floatround(s_Health[playerid], floatround_floor);
			armour = floatround(s_Armour[playerid], floatround_floor);
			
			BS_SetWriteOffset(bs, 8 + 16 + 2 + 6 + 2 + 6);
			
			BS_WriteValue(
				bs,
				PR_UINT8, health,
				PR_UINT8, armour
			);
			
			BS_ResetWritePointer(bs);
		}
	}
	return 1;
}

@katursis
Copy link
Owner

Function BS_ResetWritePointer empties BitStream data. No reason to use it after BS_WriteValue, it is nonsense.

I think it is a cause of the issue.

without BS_ResetWritePointer, crashes in Windows

Are you sure?

@RodrigoMSR
Copy link
Author

Yes, I've tested again this code on Windows.


----------
Loaded log file: "server_log.txt".
----------

SA-MP Dedicated Server
----------------------
v0.3.7-R3, (C)2005-2019 SA-MP Team

[23/02/2021 08:19:23] 
[23/02/2021 08:19:23] Server Plugins
[23/02/2021 08:19:23] --------------
[23/02/2021 08:19:23]  Loading plugin: crashdetect.dll
[23/02/2021 08:19:23]   CrashDetect v4.15.1 is OK.
[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loading plugin: streamer.dll
[23/02/2021 08:19:23] 

*** Streamer Plugin v2.9.4 by Incognito loaded ***

[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loading plugin: sscanf.dll
[23/02/2021 08:19:23] 

[23/02/2021 08:19:23]  ===============================

[23/02/2021 08:19:23]       sscanf plugin loaded.     

[23/02/2021 08:19:23]          Version:  2.8.3        

[23/02/2021 08:19:23]   (c) 2018 Alex "Y_Less" Cole  

[23/02/2021 08:19:23]  ===============================

[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loading plugin: mysql.dll
[23/02/2021 08:19:23]  >> plugin.mysql: R41-4 successfully loaded.
[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loading plugin: pawnraknet.dll
[23/02/2021 08:19:23] [Pawn.RakNet] 

    | Pawn.RakNet 1.4.1 | 2016 - 2020
    |--------------------------------
    | Author and maintainer: urShadow


    | Compiled: Jun 18 2020 at 14:19:11
    |--------------------------------------------------------------
    | Forum thread: https://forum.sa-mp.com/showthread.php?t=640306
    |--------------------------------------------------------------
    | Repository: https://github.com/urShadow/Pawn.RakNet
    |--------------------------------------------------------------
    | Wiki: https://github.com/urShadow/Pawn.RakNet/wiki

[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loading plugin: filemanager.dll
[23/02/2021 08:19:23] ******************
[23/02/2021 08:19:23] ** FILE MANAGER **
[23/02/2021 08:19:23] **    Loaded    **
[23/02/2021 08:19:23] ** Version 1.5 **
[23/02/2021 08:19:23] ******************
[23/02/2021 08:19:23]   Loaded.
[23/02/2021 08:19:23]  Loaded 6 plugins.

[23/02/2021 08:19:23] 
[23/02/2021 08:19:23] Filterscripts
[23/02/2021 08:19:23] ---------------
[23/02/2021 08:19:23]   Loading filterscript 'anticheat.amx'...
[23/02/2021 08:19:23]  
[23/02/2021 08:19:23]  
[23/02/2021 08:19:23]  
[23/02/2021 08:19:23]  ======================================= 
[23/02/2021 08:19:23]  |                                     | 
[23/02/2021 08:19:23]  |        YSI version 4.00.0001        | 
[23/02/2021 08:19:23]  |        By Alex "Y_Less" Cole        | 
[23/02/2021 08:19:23]  |                                     | 
[23/02/2021 08:19:23]  ======================================= 
[23/02/2021 08:19:23]  
[23/02/2021 08:19:23] --- Anticheat v2.0 loaded successfully!
[23/02/2021 08:19:23]   Loading filterscript 'objects.amx'...
[23/02/2021 08:19:23]   Loading filterscript 'bases.amx'...
[23/02/2021 08:19:23]   Loading filterscript 'rcon_cmds.amx'...
[23/02/2021 08:19:23]   Loading filterscript 'HGps.amx'...
[23/02/2021 08:19:23]   Loading filterscript 'Ints.amx'...
[23/02/2021 08:19:23]   Loading filterscript 'mapfix.amx'...
[23/02/2021 08:19:23]   MapFix by Nexius v3.9.4 loaded (filterscript version).
[23/02/2021 08:19:23]   Loading filterscript 'is_android.amx'...
[23/02/2021 08:19:24]   Loaded 8 filterscripts.

[23/02/2021 08:19:24]  
[23/02/2021 08:19:24]  
[23/02/2021 08:19:24]  
[23/02/2021 08:19:24]  ======================================= 
[23/02/2021 08:19:24]  |                                     | 
[23/02/2021 08:19:24]  |        YSI version 4.00.0001        | 
[23/02/2021 08:19:24]  |        By Alex "Y_Less" Cole        | 
[23/02/2021 08:19:24]  |                                     | 
[23/02/2021 08:19:24]  ======================================= 
[23/02/2021 08:19:24]  
[23/02/2021 08:19:29] Conexao ao banco de dados MySQL efetuada com sucesso
[23/02/2021 08:19:31] Loaded 17 ZvH maps
[23/02/2021 08:19:31] Loaded 8 Battle Royale maps
[23/02/2021 08:19:31] Derby: Loaded 1 DEFAULT maps
[23/02/2021 08:19:31] Derby: Loaded 7 DD maps
[23/02/2021 08:19:31] Derby: Loaded 1 CW maps
[23/02/2021 08:19:31] Loaded 3 Shooter maps
[23/02/2021 08:19:31] DM Race: Loaded 0 Easy DM maps
[23/02/2021 08:19:31] DM Race: Loaded 0 Race DM maps
[23/02/2021 08:19:31] DM Race: Loaded 0 Hard DM maps
[23/02/2021 08:19:31] Loaded 11 Fall maps
[23/02/2021 08:19:31] Loaded 71 A/D maps
[23/02/2021 08:19:31] 

[23/02/2021 08:19:31]   |-------------------------------------------------------
[23/02/2021 08:19:31]   |--- Multimode carregado com sucesso!
[23/02/2021 08:19:31]   |--  Server v4.5
[23/02/2021 08:19:31]   |--  (C) 2017 Stunts. Todos os direitos reservados
[23/02/2021 08:19:31]   |-------------------------------------------------------
[23/02/2021 08:19:31] 

[23/02/2021 08:19:31] Number of vehicle models: 123
[23/02/2021 08:19:48] [connection] incoming connection: 127.0.0.1:56702 id: 0
[23/02/2021 08:19:49] [join] [STT]Rodrigo[DN] has joined the server (0:127.0.0.1)
[23/02/2021 08:19:56] this prints before the crash
[23/02/2021 08:19:56] [debug] Server crashed due to an unknown error
[23/02/2021 08:19:56] [debug] Native backtrace:
[23/02/2021 08:19:56] [debug] #0 77c55e2c in ?? () from C:\Windows\SYSTEM32\ntdll.dll
[23/02/2021 08:19:56] [debug] #1 77c18786 in ?? () from C:\Windows\SYSTEM32\ntdll.dll
[23/02/2021 08:19:56] [debug] #2 00498f01 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #3 00450046 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #4 00491141 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #5 0049127c in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #6 0048d4fb in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #7 0049b591 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #8 0049b5a1 in ?? () from samp-server.exe

@Dmitriy51
Copy link

Dmitriy51 commented Mar 31, 2021
edited
Loading

I don't know how to simulate an invalid packet, so I tested it this way:

public OnIncomingPacket(playerid, packetid, BitStream:bs)
{
	if(packetid == 207) //PLAYER_SYNC
	{
		BS_SetWriteOffset(bs, 552);
		
		BS_WriteValue(
			bs,
			PR_UINT8, 0 //exceeding the total bits of the onfoot sync (552)
		);
		
		printf("this prints before the crash");
	}
	return 1;
}

This will crash the server.

Edit: this code, without BS_ResetWritePointer, crashes in Windows, but not on Linux. Deleting BS_ResetWritePointer really prevents crash on Linux. I'm using BS_ResetWritePointer in my code, but what I did to fix it was to check the size of the packet before writing it.

server_log.txt (Linux):

[22/02/2021 18:58:52] [debug] Server crashed due to an unknown error
[22/02/2021 18:58:52] [debug] Native backtrace:
[22/02/2021 18:58:52] [debug] #0 f7af1e8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #1 f7aeabcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #2 f7aebdbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #3 f7aec226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #4 f7af1adc in ?? () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #5 f7fca090 in __kernel_rt_sigreturn () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #6 f7fca069 in __kernel_vsyscall () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #7 f7b44382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #8 f7b2e2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #9 f7e85ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #10 f7e8d094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #11 f7e8d0fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #12 f7e8d3fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #13 f02f9371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #14 f0307344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #15 080aed6d in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #16 080aef32 in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #17 080aa16a in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #18 f7b2fb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #19 0804b4e1 in ?? () from ./samp03svr

you confuse something, max for this packet is 456, not 552

@RodrigoMSR
Copy link
Author

@Dmitriy51

Code from plugin include:

BS_ReadValue(
	bs,
	PR_UINT16, data[PR_lrKey],
	PR_UINT16, data[PR_udKey],
	PR_UINT16, data[PR_keys],
	PR_FLOAT3, data[PR_position],
	PR_FLOAT4, data[PR_quaternion],
	PR_UINT8, data[PR_health],
	PR_UINT8, data[PR_armour],
	PR_BITS, data[PR_additionalKey], 2,
	PR_BITS, data[PR_weaponId], 6,
	PR_UINT8, data[PR_specialAction],
	PR_FLOAT3, data[PR_velocity],
	PR_FLOAT3, data[PR_surfingOffsets],
	PR_UINT16, data[PR_surfingVehicleId],
	PR_INT16, data[PR_animationId],
	PR_INT16, data[PR_animationFlags]
);

8+16+16+16+(3*32)+(4*32)+8+8+2+6+8+(3*32)+(3*32)+16+16+16 = 552 (first 8 bits is packet ID)

@Dmitriy51
Copy link

Dmitriy51 commented Apr 3, 2021
edited
Loading

@Dmitriy51

Code from plugin include:

BS_ReadValue(
	bs,
	PR_UINT16, data[PR_lrKey],
	PR_UINT16, data[PR_udKey],
	PR_UINT16, data[PR_keys],
	PR_FLOAT3, data[PR_position],
	PR_FLOAT4, data[PR_quaternion],
	PR_UINT8, data[PR_health],
	PR_UINT8, data[PR_armour],
	PR_BITS, data[PR_additionalKey], 2,
	PR_BITS, data[PR_weaponId], 6,
	PR_UINT8, data[PR_specialAction],
	PR_FLOAT3, data[PR_velocity],
	PR_FLOAT3, data[PR_surfingOffsets],
	PR_UINT16, data[PR_surfingVehicleId],
	PR_INT16, data[PR_animationId],
	PR_INT16, data[PR_animationFlags]
);

8+16+16+16+(3*32)+(4*32)+8+8+2+6+8+(3*32)+(3*32)+16+16+16 = 552 (first 8 bits is packet ID)

You are right, I forgot data[PR_surfingOffsets]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
windows only
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@katursis @RodrigoMSR @Dmitriy51