[sldev] Crash on "Save object back to object contents" VWR-176 / 828

Nicholaz Beresford nicholaz at blueflash.cc
Sat May 26 16:19:48 PDT 2007


I did check into this further, but I guess I'll have to leave that to 
the Lindens. It's easy to reproduce, and I found out a few things (noted 
below), but I don't understand the message system enough to solve this.


Here are my observations (also noted in VWR-828):

I kept digging into this, but I guess that's less than trivial.

There seem to be two issues playing into each other:

1) a packet is received and decoded, and on the way one of the checks 
fails, seeing that decoding goes beyond the expected end ("Ran off end 
of packet"). The packet type is DeRezAck and either there is a 
malformed packet of this type sent by the server or the decoding 
is wrong (or of course it's something else).

2) when the system detects the problem, it tries to write an error to 
the log (llwarns << "blah blah") in LLMessageSystem::dumpPacketToLog(). 
The bad news is that this overwrites something in the underlying object, 
i.e. that std::iostream operation seems to be overwriting buffers which 
then causes an exception in the Microsoft classes (the exception is 
probably designed to detect buffer overrun attacks).


A stack and some other information are at
https://jira.secondlife.com/browse/VWR-828




