From be7d82ba8de464d0d0a817bb4adbfa81930e68d0 Mon Sep 17 00:00:00 2001
From: jackpoz
Date: Fri, 30 Aug 2013 21:27:04 +0100
Subject: Core/Maps: Fix Spline triggered assert

Fix an assert triggered by float to int32 cast overflowing to -1, now it replaces -1 with max int32 value. Fix another assert triggered by Vector3 magnitude float overflow to max/infinity in StaticMapTree::isInLineOfSight(), in this case return false. Both asserts can be reproduced by casting Mind Control to a NPC, tele to z: 1.0e+38 using client hack tools, move to allow the server to register the new position and stop Mind Control. Closes #8970 Closes #10578 Closes #10355 Closes #10673
---
 src/server/collision/Maps/MapTree.cpp | 5 +++++
 src/server/game/Movement/Spline/Spline.h | 4 ++++
 2 files changed, 9 insertions(+)
(limited to 'src')
diff --git a/src/server/collision/Maps/MapTree.cpp b/src/server/collision/Maps/MapTree.cpp
index dc12bb68e0d..436f30eed10 100644
--- a/src/server/collision/Maps/MapTree.cpp
+++ b/src/server/collision/Maps/MapTree.cpp
@@ -156,6 +156,11 @@ namespace VMAP
 bool StaticMapTree::isInLineOfSight(const Vector3& pos1, const Vector3& pos2) const
 {
 float maxDist = (pos2 - pos1).magnitude();
+ // return false if distance is over max float, in case of cheater teleporting to the end of the universe
+ if (maxDist == std::numeric_limits::max() ||
+ maxDist == std::numeric_limits::infinity())
+ return false;
+
 // valid map coords should *never ever* produce float overflow, but this would produce NaNs too
 ASSERT(maxDist < std::numeric_limits::max());
 // prevent NaN values which can cause BIH intersection to enter infinite loop
diff --git a/src/server/game/Movement/Spline/Spline.h b/src/server/game/Movement/Spline/Spline.h
index 42090cae71b..d4b100ee46e 100644
--- a/src/server/game/Movement/Spline/Spline.h
+++ b/src/server/game/Movement/Spline/Spline.h
@@ -21,6 +21,7 @@
 #include "MovementTypedefs.h"
 #include
+#include
 namespace Movement
 {
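Review bot: The guard added before the ASSERT in StaticMapTree::isInLineOfSight() compares maxDist only with max() and infinity(), so a NaN magnitude still passes it and reaches `ASSERT(maxDist < ...)`, which the existing comment says would fire on NaNs too. A NaN arises, for example, when both positions carry an infinite coordinate on the same axis. Since the commit message traces the bad value to a client-supplied position, every non-finite distance should take the early return: `if (!std::isfinite(maxDist)) return false;`, with `<cmath>` included. The function body continues outside the hunk. Rejecting out-of-range coordinates where the position is first accepted would presumably be the more robust fix, but that code is not visible here.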
@@ -184,6 +185,9 @@ public:
 while (i < index_hi)
 {
 new_length = cacher(*this, i);
+ // length overflowed, assign to max positive value
+ if (new_length < 0)
+ new_length = std::numeric_limits::max();
 lengths[++i] = new_length;
 ASSERT(prev_length <= new_length);
-- cgit v1.2.3
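Review bot: The added `if (new_length < 0)` check detects the overflow only by the sign of the value after conversion, which the commit message describes as a float to int32 cast. An out-of-range float-to-integer conversion is undefined behaviour in C++, so a negative result is not guaranteed on every compiler or target. The safer place to saturate is where the float length is produced, before it is converted, but that happens inside `cacher`, which is outside this hunk. At minimum the dependency should be recorded next to the check, e.g. `// relies on the out-of-range float->int conversion yielding a negative value; clamp before converting in cacher`. The enclosing loop and function start and end outside the hunk, so whether later code copes with several consecutive entries saturated to the same maximum cannot be judged from here.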