Mineclonia
/
Mineclonia
Archived
12
17
Fork 13
Code Issues 105 Pull Requests 19 Projects Releases Wiki Activity

HUD/mcl_inventory: Fix creative mode inventory search crash #237

Merged
erlehmann merged 1 commits from fix-creative-inventory-crash into master 2022-01-22 17:49:21 +01:00
Conversation 0 Commits 1 Files Changed 1 +1 -1
erlehmann commented 2022-01-21 23:41:30 +01:00
Owner
Copy Link
Problem

TRACKING ISSUE: #235

Before this patch it was possible for any user to to crash Minetest in
creative mode. This was possible because queries in the search field
were interpreted as search patterns for string.find().

A search for a single square bracket would reliably crash the server.
Also, a search for 6000 times the string “a?” would hang the server.

Solution

The solution to both bugs is to not interpret the query as a pattern.

Details

http://www.lua.org/manual/5.1/manual.html#pdf-string.find says:

string.find (s, pattern [, init [, plain]])

Looks for the first match of pattern in the string s. If it finds a match, then find returns the indices of s where this occurrence starts and ends; otherwise, it returns nil. A third, optional numerical argument init specifies where to start the search; its default value is 1 and can be negative. A value of true as a fourth, optional argument plain turns off the pattern matching facilities, so the function does a plain "find substring" operation, with no characters in pattern being considered "magic". Note that if plain is given, then init must be given as well.

Testing Steps
Verify Bug
  1. Enter a new world in Minetest 5.4.1 with Mineclonia commit 23f1c51912 in creative mode.
  2. Open the inventory and search for the string [.
  3. Verify that Minetest shows a crash message about an invalid pattern missing a ] character.
Verify Patch
  1. Enter a new world in Minetest 5.4.1 with Mineclonia commit f975055464 in creative mode.
  2. Open the inventory and search for the string [.
  3. Verify that Minetest does not crash.
  4. Verify that the search still finds items – by searching for dirt, a golden apple, and a book.
##### Problem TRACKING ISSUE: https://git.minetest.land/Mineclonia/Mineclonia/issues/235 Before this patch it was possible for any user to to crash Minetest in creative mode. This was possible because queries in the search field were interpreted as search patterns for string.find(). A search for a single square bracket would reliably crash the server. Also, a search for 6000 times the string “a?” would hang the server. ##### Solution The solution to both bugs is to not interpret the query as a pattern. ##### Details http://www.lua.org/manual/5.1/manual.html#pdf-string.find says: > string.find (s, pattern [, init [, plain]]) > > Looks for the first match of pattern in the string s. If it finds a match, then find returns the indices of s where this occurrence starts and ends; otherwise, it returns nil. A third, optional numerical argument init specifies where to start the search; its default value is 1 and can be negative. **A value of true as a fourth, optional argument plain turns off the pattern matching facilities, so the function does a plain "find substring" operation, with no characters in pattern being considered "magic".** Note that if plain is given, then init must be given as well. ##### Testing Steps ###### Verify Bug 1. Enter a new world in Minetest 5.4.1 with Mineclonia commit 23f1c51912627f9138b111e6e1649025dc5c358c in creative mode. 2. Open the inventory and search for the string `[`. 3. Verify that Minetest shows a crash message about an invalid pattern missing a `]` character. ###### Verify Patch 1. Enter a new world in Minetest 5.4.1 with Mineclonia commit f975055464aa0c5ad1052c0dab13f6a84a9ef4b0 in creative mode. 2. Open the inventory and search for the string `[`. 3. Verify that Minetest does not crash. 4. Verify that the search still finds items – by searching for dirt, a golden apple, and a book.
erlehmann added 1 commit 2022-01-21 23:41:34 +01:00
f975055464
Fix creative mode inventory search crash 
Before this patch it was possible for any user to to crash Minetest in
creative mode. This was possible because queries in the search field
were interpreted as search patterns for string.find().

A search for a single square bracket would reliably crash the server.
Also, a search for 6000 times the string “a?” would hang the server.

The solution to both bugs is to not interpret the query as a pattern.
Li0n_2 approved these changes 2022-01-22 17:45:23 +01:00
Li0n_2 left a comment
Member

my testing concludes that this PR does indeed fix the [ crash. besides that, the search results seem unchanged.

my testing concludes that this PR does indeed fix the `[` crash. besides that, the search results seem unchanged.
erlehmann merged commit 3b92d060f4 into master 2022-01-22 17:49:21 +01:00
erlehmann deleted branch fix-creative-inventory-crash 2022-01-22 17:49:49 +01:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Li0n_2
Labels
Clear labels   
blocker

blocks release until resolved

  
bug

   
code quality

   
confirmed

   
critical

crashes, catastrophic bugs

  
discussion

   
high priority

   
incompatibility

incompatible with mcl2

  
incomplete feature

   
invalid

   
low priority

   
missing feauture

   
needs testing

   
packet spam

   
performance

   
project

meta-issues

  
regression

   
translations

   
unconfirmed
  
in review

   
ready for review
No Label
blocker
bug
code quality
confirmed
critical
discussion
high priority
incompatibility
incomplete feature
invalid
low priority
missing feauture
needs testing
packet spam
performance
project
regression
translations
unconfirmed
in review
ready for review
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Mineclonia/Mineclonia#237
No description provided.
Delete Branch "fix-creative-inventory-crash"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?