rheo reports: digistuff:touchscreen can be u ... #5923
Labels
No Label
1. kind/balancing
1. kind/breaking
1. kind/bug
1. kind/construction
1. kind/documentation
1. kind/enhancement
1. kind/griefing
1. kind/invalid
1. kind/meme
1. kind/node limit
1. kind/other
1. kind/protocol
2. prio/controversial
2. prio/critical
2. prio/elevated
2. prio/good first issue
2. prio/interesting
2. prio/low
3. source/art
3. source/client
3. source/engine
3. source/ingame
3. source/integration
3. source/lag
3. source/license
3. source/mod upstream
3. source/unknown
3. source/website
4. step/approved
4. step/at work
4. step/blocked
4. step/discussion
4. step/help wanted
4. step/needs confirmation
4. step/partially fixed
4. step/question
4. step/ready to deploy
4. step/ready to QA test
4. step/want approval
5. result/cannot reproduce
5. result/duplicate
5. result/fixed
5. result/maybe
5. result/wontfix
ugh/petz
ugh/QA main
ugh/QA NOK
ugh/QA OK
No Milestone
No project
No Assignees
5 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: your-land/bugtracker#5923
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
rheo reports a bug:
Player position:
Player look:
Player information:
Player meta:
Log identifier
Profiler save:
Status:
Teleport command:
Compass command:
via
upstream issue https://github.com/minetest/minetest/issues/14223
a player name frogTheSecond showed up and had a bunch of exploits. thankfully he agreed to test them on the test server instead of the main one.
upstream got fixed, though it won't be fixed for clients until the 5.9 release https://github.com/minetest/minetest/pull/14224
There's no chance to prevent that on the digiscreen itself, I assume?
Even if we disable the digiscreen until the release of the 5.9.0 client, older clients might still get crashed, right?
There's no chance to check the digiscreen for wrong values luaside?
that is do-able, but far from trivial. we'd have to correctly parse the texture modifiers and then check the results for invalid things.
the least we should do is make the touchscreen gated on mesemaker priv. i'd prefer to spend my time doing other things than implementing lex and yacc in lua.
cf. #4876, which is fortunately not craftable
i've taken the initiative to gate the touchscreen on mesemaker priv; this can be reversed easily if i've overstepped
2bca8f1990
If something is off, I sometimes take a look in that too.
The pr which fixed it mentioned similar problems in
[sheet
which got fixed.so I tested some more modifiers for zeros...
image[0,0;1,1;default_sandstone.png^[crack:0:0:0]
boom :/then I had a crazy idea:
image[0,0;1,1;default_sandstone.png^[resize:16x-1]
boom :/[fill:16x-1:#20F02080
negative values will crash too. not sure where the problem is... I mean: code says they use u32 when they read the values. Maybe too big? Maybe some func where the values are passed to doesn't use uint_*?
I would guess, nearly all image modifiers are broken...
At some point I gave up testing them...
If it would only be the
[verticalframe:0:0
, one could easily remove that with a:gsub()
but since I guess there are far more problems...
But something like
might help...
Edit: doesn't really help, see below :-)
got a crash with
4,294,967,295
(2^32 - 1) = -1 :/assuming that no one should need images bigger than 1000x1000
ugh.
i'd love it if someone else took it upon themselves to identify and report every crashing bug related to texture modifiers. it's annoying and time consuming. but i have other more important things i want to work on, and this is also important.
They're most likely too many.
Who wants to do what needs 1. access to the whole of YL, 2. then find all mods that deal with formspecs, 3. then identify the extent this mod deals with formspecs and finally 4. whether user input is involved.
Steps 1 and 2 are more or less easy.
I can do so :-) Problem is: I used my os package and didn't got a stack traceback like you had in https://github.com/minetest/minetest/issues/14223.
If I follow https://github.com/minetest/minetest/blob/master/doc/compiling/linux.md: Is that enough?
Not only formspecs are affected. didn't test, but I'm quite sure that this can also be used to crash clients everywhere where textures are involved (hud, nodes, entities).
afaik touchscreen is the only thing which allows players to create formspecs. Is this about hunting down missing formspec escapes which will allow to insert crashy images? Volunteered for that already (#5925)
But for formspecs there is a much simpler and easier (but therefore hacky) solution which can be used to prevent crashes:
I don't want too many open projects, so I would like to finish chat_formspec first.
If noone has started to implement the validate_images func until then, I could do so :-)
Seems like validating only the formspecs that players can modify should be enough?
Basically the ones that touchscreen generates (and it already does some processing for them...):
https://github.com/minetest-mirrors/digistuff/blob/master/touchscreen.lua
(yes, I'm just trying to save some server CPU cycles... poor main thread is already struggling)I also have a radical suggestion of ignoring this in general and only dealing with specific machines that cause this, since not many people use touchscreens and there's even less public touchscreens, it may never come up at allcreated upstream issues
[crack: https://github.com/minetest/minetest/issues/14241 (results in arithmetic exception)
everything else: https://github.com/minetest/minetest/issues/14242 (segfault)
[crack should be fixed now. (
ed7d4037b2
)QA
I can't reproduce the issue with the repro given by flux.
Fixing all the other parts looks like it is out of scope for this issue?
The question is: Is this an issue with minetest client not being able to sort out invalid image modifiers or is it an issue with digistuff touchscreen not checking what kind of image it puts into the formspec? I mean: all pre 5.9 versions of MT are effected...
mostly it's a bug with the minetest client - it shouldn't crash on bad user input. the touchscreen could also do a better job of filtering, but that's non-trivial.
The engine implemented some checks for texture modifiers, so all of the crashy ones mentioned here don't crash any longer.
this is live (gating the touchscreen on mesemaker). i'm not sure there's a separate issue for the client crashes, but it sounds like all the ones we know of have been fixed upstream.