#272 M1 program can crash fuzzball with '#-3 thing?'
- On our MUCK, SpinDizzy, running 6.07, a player was able to crash our server by running the M1 MUF program:
-
main #-3 thing? if else me @ "beep" notify then ;
They ran it via @mpi {muf:#xxxx,} But I don't think it matters.
It was not meant to be malicious; they were just learning how to use MUF. In any case, when that ran the game crashed immediately. Apparently running '#-2 thing?' and '#-1 thing?' did not cause any issues.
I tracked it down to a bug in the macro CHECKREMOTE(x) in interp.h. Just to keep our game safe, I added a check to abort inside the macro if x < 0.
Checking 6.09, I didn't see the macro nor the thing? primitive as having changed, so I don't think this is fixed. If it was via some other method, then of course just ignore this bug. I marked it private since it's possible a guest could exploit this to crash any game running FuzzBall 6.xx.
morticon@spindizzy (---.org, if further contact is needed)
Can not reproduce with the current CVS. Morticon suggests it may be an intermittent memory bug. Closed, but will keep an eye on this.
Last edit: Wyld 2015-05-03