Currently regulates the usage of CMSG_CHAR_ENUM only, but can be easily
extended to detect inappropriate network behaviour by using
AntiDOS.AllowOpcode in WorldSession's handlers.
These were non-wdb fields that didn't have much use.
Most quests that were using these fields (not many) should still work; however, if you find any quest that worked before and is now broken, please report it in the issue tracker and it will be promptly fixed.
Mind Vision has Aura Effect SPELL_AURA_BIND_SIGHT which adds the target to a special Map container i_objectsToSwitch, used to switch grid containers for target Creatures of this Aura Effect.
When the target is a Creature and the Creature is removed from the world, it's added to i_objectsToSwitch and then to i_objectsToRemove, which are iterated in this order in Map::RemoveAllObjectsInRemoveList(), so the reference in i_objectsToSwitch is valid.
When the target is a Player and the Player logs out, it's added to i_objectsToSwitch, but then Map::RemovePlayerFromMap() deletes the Player, leaving an invalid reference in i_objectsToSwitch.
Since the whole point of i_objectsToSwitch is to store Creatures and since the stored references are used only if the condition "GetTypeId() == TYPEID_UNIT" is verified, it's safe to add only objects of TYPEID_UNIT type to the container.
Valgrind log:
Invalid read of size 4
at 0xC52332: Object::GetTypeId() const (Object.h:140)
by 0xF540D3: Map::RemoveAllObjectsInRemoveList() (Map.cpp:2136)
by 0xF53CD2: Map::DelayedUpdate(unsigned int) (Map.cpp:2087)
by 0xF639B1: MapManager::Update(unsigned int) (MapManager.cpp:292)
by 0x107CB40: World::Update(unsigned int) (World.cpp:2025)
by 0xBEB263: WorldRunnable::run() (WorldRunnable.cpp:60)
by 0x1213792: ACE_Based::Thread::ThreadTask(void*) (Threading.cpp:186)
by 0x515EA35: ACE_OS_Thread_Adapter::invoke() (in /usr/lib/libACE-6.0.3.so)
by 0x5F19F8D: start_thread (pthread_create.c:311)
by 0x6A46E1C: clone (clone.S:113)
Address 0x401eacac is 12 bytes inside a block of size 11,736 free'd
at 0x4C2B59C: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0xD80239: Player::~Player() (Player.cpp:915)
by 0xF4D5A2: void Map::DeleteFromWorld<Player>(Player*) (Map.cpp:319)
by 0xF4EBBB: Map::RemovePlayerFromMap(Player*, bool) (Map.cpp:687)
by 0xFCC18D: WorldSession::LogoutPlayer(bool) (WorldSession.cpp:531)
by 0xF1EDD5: WorldSession::HandleLogoutRequestOpcode(WorldPacket&) (MiscHandler.cpp:403)
by 0xFCAE37: WorldSession::Update(unsigned int, PacketFilter&) (WorldSession.cpp:312)
by 0x107EBC6: World::UpdateSessions(unsigned int) (World.cpp:2615)
by 0x107C94B: World::Update(unsigned int) (World.cpp:1978)
by 0xBEB263: WorldRunnable::run() (WorldRunnable.cpp:60)
by 0x1213792: ACE_Based::Thread::ThreadTask(void*) (Threading.cpp:186)
by 0x515EA35: ACE_OS_Thread_Adapter::invoke() (in /usr/lib/libACE-6.0.3.so)
Fix GuildMember flags left uninitialized when creating a new guild.
Valgrind log:
Conditional jump or move depends on uninitialised value(s)
at 0xEE49CE: Guild::Member::WritePacket(WorldPacket&) const (Guild.cpp:714)
by 0xEE721E: Guild::HandleRoster(WorldSession*) (Guild.cpp:1314)
by 0xEE9EBA: Guild::SendLoginInfo(WorldSession*) (Guild.cpp:1920)
by 0xEEB689: Guild::AddMember(unsigned long, unsigned char) (Guild.cpp:2230)
by 0xEE6A09: Guild::Create(Player*, std::string const&) (Guild.cpp:1199)
by 0x12A71F9: guild_commandscript::HandleGuildCreateCommand(ChatHandler*, char const*) (cs_guild.cpp:92)
by 0xC47DBE: ChatHandler::ExecuteCommandInTable(ChatCommand*, char const*, std::string const&) (Chat.cpp:362)
by 0xC47C23: ChatHandler::ExecuteCommandInTable(ChatCommand*, char const*, std::string const&) (Chat.cpp:343)
by 0xC488C4: ChatHandler::ParseCommands(char const*) (Chat.cpp:489)
by 0x1188EE3: WorldSession::HandleMessagechatOpcode(WorldPacket&) (ChatHandler.cpp:217)
by 0xFCAE37: WorldSession::Update(unsigned int, PacketFilter&) (WorldSession.cpp:312)
by 0x107EBC6: World::UpdateSessions(unsigned int) (World.cpp:2615)
Modify how InstanceSave is deleted so the local mutex can be released before deleting the class itself.
Valgrind log:
Invalid read of size 4
at 0x662662B: __pthread_mutex_unlock_usercnt (pthread_mutex_unlock.c:52)
by 0x55D3C55: ACE_OS::mutex_unlock(pthread_mutex_t*) (OS_NS_Thread.cpp:2335)
by 0xB20057: Player::CleanupsBeforeDelete(bool) (OS_NS_Thread.inl:3519)
by 0xD0E2FA: WorldSession::LogoutPlayer(bool) (WorldSession.cpp:527)
by 0xC66D34: WorldSession::HandleLogoutRequestOpcode(WorldPacket&) (MiscHandler.cpp:403)
by 0xD0EA82: WorldSession::Update(unsigned int, PacketFilter&) (WorldSession.cpp:312)
by 0xD9AD66: World::UpdateSessions(unsigned int) (World.cpp:2615)
by 0xD9BEC4: World::Update(unsigned int) (World.cpp:1978)
by 0xA035E5: WorldRunnable::run() (WorldRunnable.cpp:60)
by 0xEC8D39: ACE_Based::Thread::ThreadTask(void*) (Threading.cpp:183)
by 0x55D7555: ACE_OS_Thread_Adapter::invoke() (OS_Thread_Adapter.cpp:103)
by 0x6622B4F: start_thread (pthread_create.c:304)
Address 0x1884bb08 is 56 bytes inside a block of size 104 free'd
at 0x4C279DC: operator delete(void*) (vg_replace_malloc.c:457)
by 0xC9D533: InstanceSaveManager::RemoveInstanceSave(unsigned int) (InstanceSaveMgr.cpp:159)
by 0xC9E826: InstanceSave::UnloadIfEmpty() (InstanceSaveMgr.cpp:238)
by 0xB2003E: Player::CleanupsBeforeDelete(bool) (InstanceSaveMgr.h:84)
by 0xD0E2FA: WorldSession::LogoutPlayer(bool) (WorldSession.cpp:527)
by 0xC66D34: WorldSession::HandleLogoutRequestOpcode(WorldPacket&) (MiscHandler.cpp:403)
by 0xD0EA82: WorldSession::Update(unsigned int, PacketFilter&) (WorldSession.cpp:312)
by 0xD9AD66: World::UpdateSessions(unsigned int) (World.cpp:2615)
by 0xD9BEC4: World::Update(unsigned int) (World.cpp:1978)
by 0xA035E5: WorldRunnable::run() (WorldRunnable.cpp:60)
by 0xEC8D39: ACE_Based::Thread::ThreadTask(void*) (Threading.cpp:183)
by 0x55D7555: ACE_OS_Thread_Adapter::invoke() (OS_Thread_Adapter.cpp:103)
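The lock-scope problem behind the trace above, as an added example in C++ (hypothetical Save/SaveManager classes written for this page, not TrinityCore's InstanceSave or InstanceSaveManager): an object whose last player leaving causes its manager to delete it. If the guard on the object's own mutex is still alive when the manager frees the object, the guard's destructor unlocks a mutex inside freed memory, which is what "__pthread_mutex_unlock_usercnt" reading freed memory means. The fix shown here takes the unload decision under the lock, lets the guard go out of scope, and only then asks the manager to delete the object.

```cpp
#include <cstdint>
#include <map>
#include <mutex>
#include <set>

// Added example, not TrinityCore's code. Save stands in for InstanceSave and
// SaveManager for InstanceSaveManager; both are hypothetical.
class SaveManager;

class Save
{
public:
    Save(SaveManager& mgr, uint32_t id) : _mgr(mgr), _id(id) {}

    void AddPlayer(uint32_t guid)
    {
        std::lock_guard<std::mutex> guard(_lock);
        _players.insert(guid);
    }

    // Returns true if the save unloaded; in that case `this` has been deleted.
    //
    // Buggy shape (the pattern the trace above shows):
    //   std::lock_guard<std::mutex> guard(_lock);
    //   _players.erase(guid);
    //   if (_players.empty()) _mgr.RemoveSave(_id);   // deletes this ...
    //   return;                                       // ... then guard unlocks freed _lock
    bool RemovePlayer(uint32_t guid);

    size_t PlayerCount()
    {
        std::lock_guard<std::mutex> guard(_lock);
        return _players.size();
    }

private:
    SaveManager& _mgr;
    uint32_t _id;
    std::mutex _lock;
    std::set<uint32_t> _players;
};

class SaveManager
{
public:
    ~SaveManager() { for (auto& kv : _saves) delete kv.second; }

    Save* AddSave(uint32_t id)
    {
        Save* s = new Save(*this, id);
        _saves[id] = s;
        return s;
    }

    // Frees the save; after this returns every pointer to it is dangling.
    void RemoveSave(uint32_t id)
    {
        auto it = _saves.find(id);
        if (it == _saves.end())
            return;
        delete it->second;
        _saves.erase(it);
    }

    size_t Count() const { return _saves.size(); }

private:
    std::map<uint32_t, Save*> _saves;
};

bool Save::RemovePlayer(uint32_t guid)
{
    bool unload;
    {
        std::lock_guard<std::mutex> guard(_lock);
        _players.erase(guid);
        unload = _players.empty();   // decision taken under the lock ...
    }                                // ... guard released here, while `this` is still alive
    if (unload)
        _mgr.RemoveSave(_id);        // deletes this; no member is touched afterwards
    return unload;
}

// Drives the logout scenario: the last player leaving unloads the save.
size_t LogoutLastPlayer()
{
    SaveManager mgr;
    Save* save = mgr.AddSave(42);    // constructed sample data
    save->AddPlayer(1);
    save->AddPlayer(2);
    save->RemovePlayer(1);           // one player left, save stays
    save->RemovePlayer(2);           // empty: save deletes itself, `save` is now dangling
    return mgr.Count();
}
```

Releasing the guard before the delete is only sound if nobody else can obtain a pointer to the save in between; the example assumes a single owning thread. If other threads can look saves up through the manager, the manager's own lock has to cover both the lookup and the removal, and the object's mutex cannot be the thing that protects its own lifetime.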
m_MonthlyQuestChanged was initialized only when loading a Player from DB and left uninitialized when creating a new Player.
Valgrind log:
Conditional jump or move depends on uninitialised value(s)
at 0x1148E2A: Player::_SaveMonthlyQuestStatus(Trinity::AutoPtr<Transaction, ACE_Thread_Mutex>&) (Player.cpp:19694)
by 0x1146510: Player::SaveToDB(bool) (Player.cpp:19191)
by 0x14F5D5C: WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:660)
Closes #10620
Signed-off-by: Nay <dnpd.dd@gmail.com>
Initialized UpdateMask::_bits to NULL in all constructors.
UpdateMask(UpdateMask const& right) constructor sets the field count with SetCount() method before any field initialization. This means that SetCount() will call delete[] on the uninitialized _bits pointer field, leading to undefined behavior.
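The constructor-ordering bug described above, as an added example in C++ (a hypothetical BitMask class written for this page, not TrinityCore's UpdateMask, though it keeps the same ownership pattern): SetCount() frees the current buffer before allocating a new one, and the copy constructor calls SetCount() before doing anything else. The only thing that makes that delete[] safe is the `_bits(nullptr)` in every constructor's initializer list; remove it and the copy constructor hands an indeterminate pointer to delete[].

```cpp
#include <cstdint>
#include <cstring>

// Added example, not TrinityCore's code: a minimal bit array with the same
// ownership rule as the UpdateMask described above.
class BitMask
{
public:
    BitMask() : _fieldCount(0), _blockCount(0), _bits(nullptr) {}

    // Calls SetCount() first thing, as the page describes. Without the
    // "_bits(nullptr)" below, SetCount() would delete[] an uninitialized
    // pointer: the bug the commit fixes.
    BitMask(BitMask const& right) : _fieldCount(0), _blockCount(0), _bits(nullptr)
    {
        SetCount(right._fieldCount);
        if (_blockCount)
            std::memcpy(_bits, right._bits, _blockCount * sizeof(uint32_t));
    }

    BitMask& operator=(BitMask const& right)
    {
        if (this != &right)
        {
            SetCount(right._fieldCount);
            if (_blockCount)
                std::memcpy(_bits, right._bits, _blockCount * sizeof(uint32_t));
        }
        return *this;
    }

    ~BitMask() { delete[] _bits; }

    // Resize to hold valuesCount bits, zero-filled. delete[] on nullptr is a
    // no-op, which is why the constructors must initialize _bits to nullptr.
    void SetCount(uint32_t valuesCount)
    {
        delete[] _bits;
        _fieldCount = valuesCount;
        _blockCount = (valuesCount + 31) / 32;
        _bits = new uint32_t[_blockCount]();
    }

    void SetBit(uint32_t index)
    {
        if (index < _fieldCount)
            _bits[index / 32] |= 1u << (index % 32);
    }

    bool GetBit(uint32_t index) const
    {
        if (index >= _fieldCount)
            return false;
        return (_bits[index / 32] >> (index % 32)) & 1u;
    }

    uint32_t GetCount() const { return _fieldCount; }

private:
    uint32_t _fieldCount;
    uint32_t _blockCount;
    uint32_t* _bits;
};

// Builds a mask, copies it through both the copy constructor and assignment,
// and returns true only if the copies carry the same bits. Run it under
// Valgrind or ASan: with _bits left uninitialized in the copy constructor the
// tools report an invalid free; with the initializer list above they are clean.
bool CopyRoundTrip()
{
    BitMask a;
    a.SetCount(70);          // constructed sample: 70 fields, 3 blocks
    a.SetBit(3);
    a.SetBit(69);
    BitMask b(a);            // copy constructor path
    BitMask c;
    c = a;                   // assignment path
    return b.GetCount() == 70 && b.GetBit(3) && b.GetBit(69) && !b.GetBit(4)
        && c.GetBit(69) && !c.GetBit(0) && !c.GetBit(70);
}
```

The general rule the example follows: any member that a destructor or a "free then reallocate" routine touches must be set in the initializer list of every constructor, including the copy constructor, because the body of a constructor runs after the members exist but before the class has given them a value.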
Remove mutex from BigNumber class: it didn't do what it was advertised to do; consider using the "locked" array outside of the function in which it was "locked".