Thread Exception when trying to access a cmdarg #137

  • New
  • Defect
Open
Assigned to
View _ForgeUser8773666's Profile
_ForgeUser8773666
  • View _ForgeUser15723533's Profile
    _ForgeUser15723533 created this issue Jul 8, 2014

    Supposing we are passing $ or $asd or $asd.asd as cmd argument. When trying to get the cmdarg (@IF,@PLAYER, etc) the command thread stop working with an exception. I have not checked the other Script Commands, but i suppose them's also affected. I think this is critical because some commands could be exploited, especially if scripters are not aware.

    What steps will reproduce the problem?

    /test1 $ /test1 $ 1 /test1 $asd /test1 $asd.asd /test2 $ /test2 $ 1 /test2 $asd /test2 $asd.asd

    test1: Override: true Script: - '@PLAYER arg1 = cmdarg:1' - '@PLAYER This line never ocurrs if exception!' test2: Override: true Script: - '@IF s cmdarg:1 = 123' - ' @PLAYER 123' - '@ENDIF' - '@PLAYER This line never ocurrs if exception!'

    What is the expected output? What do you see instead?

    I expected the script completed without major problems.

    What version of the product are you using?

    VariableTriggers v1.3.2 for CB 1.7.9-R0.1 Jun 04, 2014 craftbukkit-1.7.9-R0.3

    Do you have an error log of what happened?

    Exception of '/test1 $'

    [19:10:56 WARN]: Exception in thread "Thread-121" [19:10:56 WARN]: java.lang.StringIndexOutOfBoundsException: String index out of range: 1 [19:10:56 WARN]: at java.lang.String.charAt(Unknown Source) [19:10:56 WARN]: at java.util.regex.Matcher.appendReplacement(Unknown Sou rce) [19:10:56 WARN]: at java.util.regex.Matcher.replaceFirst(Unknown Source) [19:10:56 WARN]: at java.lang.String.replaceFirst(Unknown Source) [19:10:56 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.funtiona lPlaceholders(ScriptInterpreter.java:3186) [19:10:56 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.Interpre t(ScriptInterpreter.java:1521) [19:10:56 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.run(Scri ptInterpreter.java:347) [19:10:56 WARN]: at java.lang.Thread.run(Unknown Source)

    Exception of '/test2 $'

    [19:11:51 WARN]: Exception in thread "Thread-123" [19:11:51 WARN]: java.lang.StringIndexOutOfBoundsException: String index out of range: 1 [19:11:51 WARN]: at java.lang.String.charAt(Unknown Source) [19:11:51 WARN]: at java.util.regex.Matcher.appendReplacement(Unknown Sou rce) [19:11:51 WARN]: at java.util.regex.Matcher.replaceFirst(Unknown Source) [19:11:51 WARN]: at java.lang.String.replaceFirst(Unknown Source) [19:11:51 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.funtiona lPlaceholders(ScriptInterpreter.java:3186) [19:11:51 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.Interpre t(ScriptInterpreter.java:507) [19:11:51 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.run(Scri ptInterpreter.java:347) [19:11:51 WARN]: at java.lang.Thread.run(Unknown Source)

    Exception of '/test1 $asd.asd' (This looks different)

    [19:17:14 WARN]: Exception in thread "Thread-129" [19:17:14 WARN]: java.lang.IllegalArgumentException: Illegal group reference [19:17:14 WARN]: at java.util.regex.Matcher.appendReplacement(Unknown Sou rce) [19:17:14 WARN]: at java.util.regex.Matcher.replaceFirst(Unknown Source) [19:17:14 WARN]: at java.lang.String.replaceFirst(Unknown Source) [19:17:14 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.funtiona lPlaceholders(ScriptInterpreter.java:3186) [19:17:14 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.Interpre t(ScriptInterpreter.java:1521) [19:17:14 WARN]: at com.wizardscraft.scripting.ScriptInterpreter.run(Scri ptInterpreter.java:347) [19:17:14 WARN]: at java.lang.Thread.run(Unknown Source)

  • View _ForgeUser15723533's Profile
    _ForgeUser15723533     added the tags New Defect Jul 8, 2014
  • View Lyoko_Firelyte's Profile
    Lyoko_Firelyte posted a comment Jul 13, 2014

    Well, first, 123 is an integer, so check for @IF i instead of @IF s. Second, when using $ it's trying to replace it into a variable and not providing the second half of the variable will throw an error.

  • View _ForgeUser15723533's Profile
    _ForgeUser15723533 posted a comment Jul 15, 2014

    @Lyoko_Firelyte: Go

    If the command argument starts with $ (no matters if it's a real variable or not, neither if it's boolean or unsigned int64) it also retrieves an exception. But if you say that in this case it's a feature and not a problem I really really apologize for that.

  • View ancienttom's Profile
    ancienttom posted a comment Jul 21, 2014

    @gondarwars: Go

    This is a really good catch. It's said that 123 is an integer and not a string. The fact is that this could be a string or an integer. It all depends on how the argument is meant to be used. So, it looks like VT is pre-typecasting arguments so you need to check for an integer. I, personally would consider all arguments passed from the chat line as strings, and then re-typecast them as they are used in a @SETINT command.

    But this is not the real problem. It seems that VT is also predetermining that if it sees a '$' first, this must be a variable. This is a problem. When it comes to arguments entered on the chat line by a player, it should always be considered as pure data input and never a variable. It could always be added to a variable at the scripter's discretion.

    p.s. Assume that the arguement needs to be a dollar amount. Would VT create a new object of 100 with the variable named 00 if the player enters $100.00?

    Edited Aug 6, 2014
  • View _ForgeUser15723533's Profile
    _ForgeUser15723533 posted a comment Aug 6, 2014

    @AncientTom: Go

    Very nice reply. I've just reported what from my perspective is an unexpected output. I admire you guys. Maybe I'm too perfectionist.

    Sorry for my bad english and late response.

To post a comment, please login or register a new account.