| … | |
… | |
| 1530 | { |
1530 | { |
| 1531 | LOG (llevError, "%s: spell has no face, but face is mandatory.\n", &spell->name); |
1531 | LOG (llevError, "%s: spell has no face, but face is mandatory.\n", &spell->name); |
| 1532 | spell->face = face_find ("burnout.x11", blank_face); |
1532 | spell->face = face_find ("burnout.x11", blank_face); |
| 1533 | } |
1533 | } |
| 1534 | |
1534 | |
|
|
1535 | pl->ns->send_face (spell->face); |
|
|
1536 | |
| 1535 | /* send the current values */ |
1537 | /* send the current values */ |
| 1536 | sl << uint32 (spell->count) |
1538 | sl << uint32 (spell->count) |
| 1537 | << uint16 (spell->level) |
1539 | << uint16 (spell->level) |
| 1538 | << uint16 (spell->casting_time) |
1540 | << uint16 (spell->casting_time) |
| 1539 | << uint16 (spell->last_sp) |
1541 | << uint16 (spell->last_sp) |
| … | |
… | |
| 1574 | * bytes and 3 strings (because that is the spec) so we need to |
1576 | * bytes and 3 strings (because that is the spec) so we need to |
| 1575 | * check that the length of those 3 strings, plus the 23 bytes, |
1577 | * check that the length of those 3 strings, plus the 23 bytes, |
| 1576 | * won't take us over the length limit for the socket, if it does, |
1578 | * won't take us over the length limit for the socket, if it does, |
| 1577 | * we need to send what we already have, and restart packet formation |
1579 | * we need to send what we already have, and restart packet formation |
| 1578 | */ |
1580 | */ |
|
|
1581 | if (spell->type != SPELL) |
|
|
1582 | continue; |
|
|
1583 | |
| 1579 | /* Seeing crashes by overflowed buffers. Quick arithemetic seems |
1584 | /* Seeing crashes by overflowed buffers. Quick arithemetic seems |
| 1580 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
1585 | * to show add_spell is 26 bytes + 2 strings. However, the overun |
| 1581 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
1586 | * is hundreds of bytes off, so correcting 22 vs 26 doesn't seem |
| 1582 | * like it will fix this |
1587 | * like it will fix this |
| 1583 | */ |
1588 | */ |
| 1584 | if (spell->type != SPELL) |
|
|
| 1585 | continue; |
|
|
| 1586 | |
|
|
| 1587 | if (sl.length () >= (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0)))) |
1589 | if (sl.length () >= (MAXSOCKBUF - (26 + strlen (spell->name) + (spell->msg ? strlen (spell->msg) : 0)))) |
| 1588 | { |
1590 | { |
|
|
1591 | pl->ns->flush_fx (); |
| 1589 | pl->ns->send_packet (sl); |
1592 | pl->ns->send_packet (sl); |
| 1590 | |
1593 | |
| 1591 | sl.reset (); |
1594 | sl.reset (); |
| 1592 | sl << "addspell "; |
1595 | sl << "addspell "; |
| 1593 | } |
1596 | } |
| … | |
… | |
| 1608 | LOG (llevError, "Buffer overflow in esrv_add_spells!\n"); |
1611 | LOG (llevError, "Buffer overflow in esrv_add_spells!\n"); |
| 1609 | fatal (0); |
1612 | fatal (0); |
| 1610 | } |
1613 | } |
| 1611 | |
1614 | |
| 1612 | /* finally, we can send the packet */ |
1615 | /* finally, we can send the packet */ |
|
|
1616 | pl->ns->flush_fx (); |
| 1613 | pl->ns->send_packet (sl); |
1617 | pl->ns->send_packet (sl); |
| 1614 | } |
1618 | } |
| 1615 | |
1619 | |
