katursis/Pawn.RakNet

CRASH in version 1.4.1

RodrigoMSR opened this issue · 11 comments

Hello,

I was using version 1.3.0 of the plugin, and I have never had a server crash problem for years. However, when I upgraded to version 1.4.1, crashes started happening randomly, once every 1-3 days.

server_log.txt:

[21/02/2021 03:32:47] [debug] Server crashed due to an unknown error
[21/02/2021 03:32:47] [debug] Native backtrace:
[21/02/2021 03:32:47] [debug] #0 f7a4de8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #1 f7a46bcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #2 f7a47dbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #3 f7a48226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #4 f7a4dadc in ?? () from plugins/crashdetect.so
[21/02/2021 03:32:47] [debug] #5 f7f26090 in __kernel_rt_sigreturn () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #6 f7f26069 in __kernel_vsyscall () from linux-gate.so.1
[21/02/2021 03:32:47] [debug] #7 f7aa0382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #8 f7a8a2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #9 f7de1ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #10 f7de9094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #11 f7de90fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #12 f7de93fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[21/02/2021 03:32:47] [debug] #13 f6330371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #14 f633e344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[21/02/2021 03:32:47] [debug] #15 080aed6d in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #16 080aef32 in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #17 080aa16a in ?? () from ./samp03svr
[21/02/2021 03:32:47] [debug] #18 f7a8bb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[21/02/2021 03:32:47] [debug] #19 0804b4e1 in ?? () from ./samp03svr

I did some tests and I think the reason for this crash is when I rewrite a sync packet exceeding the original length. I managed to reproduce the same errors in the log.

I use BS_SetWriteOffset with 280 bits to change only health / armor in the onfoot sync. Some player probably sent an invalid packet (smaller than expected), so I would be writing to a part of the packet that doesn't exist.

It also occurs with BS_WriteOnFootSync, BS_WriteInCarSync, etc.

Attach full server_log.txt and example.pwn (to reproduce the error), please.

I guess you need to delete "BS_SetWriteOffset(bs, 0)" or "BS_ResetWritePointer(bs)" calls (if existing).

I don't know how to simulate an invalid packet, so I tested it this way:

public OnIncomingPacket(playerid, packetid, BitStream:bs)
{
	if(packetid == 207) //PLAYER_SYNC
	{
		BS_SetWriteOffset(bs, 552);
		
		BS_WriteValue(
			bs,
			PR_UINT8, 0 //exceeding the total bits of the onfoot sync (552)
		);
		
		printf("this prints before the crash");
	}
	return 1;
}

This will crash the server.

Edit: this code, without BS_ResetWritePointer, crashes on Windows, but not on Linux. Deleting BS_ResetWritePointer really prevents the crash on Linux. I'm using BS_ResetWritePointer in my code, but what I did to fix it was to check the size of the packet before writing it.

server_log.txt (Linux):

[22/02/2021 18:58:52] [debug] Server crashed due to an unknown error
[22/02/2021 18:58:52] [debug] Native backtrace:
[22/02/2021 18:58:52] [debug] #0 f7af1e8b in _ZN10StackTraceC1EPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #1 f7aeabcf in _ZN11CrashDetect20PrintNativeBacktraceERSoPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #2 f7aebdbc in _ZN11CrashDetect20PrintNativeBacktraceEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #3 f7aec226 in _ZN11CrashDetect11OnExceptionEPv () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #4 f7af1adc in ?? () from plugins/crashdetect.so
[22/02/2021 18:58:52] [debug] #5 f7fca090 in __kernel_rt_sigreturn () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #6 f7fca069 in __kernel_vsyscall () from linux-gate.so.1
[22/02/2021 18:58:52] [debug] #7 f7b44382 in gsignal () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #8 f7b2e2b6 in abort () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #9 f7e85ab7 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #10 f7e8d094 in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #11 f7e8d0fd in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #12 f7e8d3fc in ?? () from /lib/i386-linux-gnu/libstdc++.so.6
[22/02/2021 18:58:52] [debug] #13 f02f9371 in _ZN9Functions9RakServer9NewPacketEtRKN6RakNet9BitStreamE () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #14 f0307344 in _ZN5Hooks13InternalHooks18RakServer__ReceiveEPv () from plugins/pawnraknet.so
[22/02/2021 18:58:52] [debug] #15 080aed6d in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #16 080aef32 in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #17 080aa16a in ?? () from ./samp03svr
[22/02/2021 18:58:52] [debug] #18 f7b2fb41 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
[22/02/2021 18:58:52] [debug] #19 0804b4e1 in ?? () from ./samp03svr

  1. I need full server_log.txt, not just crashlog.
  2. Why are you using BS_ResetWritePointer? Show by example how.

  1. Ok, but the full server_log is 80MB, so I cut out a lot of it.

  2. There is no reason for me to use BS_ResetWritePointer, I already removed it from my code.

My old code:

hook OnIncomingPacket(playerid, packetid, BitStream:bs)
{
	if(playerid == -1) return 1;
	
	switch(packetid)
	{
		case PLAYER_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			BS_SetReadOffset(bs, 8 + 16 + 16 + 16 + (3*32) + (4*32)); //UINT8, UINT16, UINT16, UINT16, PR_FLOAT3, PR_FLOAT4
			
			new health, armour;
			
			BS_ReadValue(
				bs,
				PR_UINT8, health
			);
			
			if(0 < health - s_Health[playerid] <= 35)
			{
				Damage_CheckVendMachine(playerid, float(health));
			}
			
			health = floatround(s_Health[playerid], floatround_floor);
			armour = floatround(s_Armour[playerid], floatround_floor);
			
			BS_SetWriteOffset(bs, 8 + 16 + 16 + 16 + (3*32) + (4*32));
			
			BS_WriteValue(
				bs,
				PR_UINT8, health,
				PR_UINT8, armour
			);
			
			BS_ResetReadPointer(bs);
			BS_ResetWritePointer(bs);
		}
		case VEHICLE_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			new inCarData[PR_InCarSync];
			
			BS_IgnoreBits(bs, 8);
			BS_ReadInCarSync(bs, inCarData);
			
			inCarData[PR_playerHealth] = floatround(s_Health[playerid], floatround_floor);
			inCarData[PR_armour] = floatround(s_Armour[playerid], floatround_floor);
			
			
			
			//----------------- Vehicle keys -----------------
			if(inCarData[PR_keys] & KEY_FIRE || inCarData[PR_keys] & KEY_ACTION)
			{
				new gm = GetGameMode(playerid), model = GetVehicleModel(inCarData[PR_vehicleId]);
				
				if((gm == GM_FREE && (model == 407 || model == 601)) || (gm == GM_CnR && (model == 425 || model == 520)))
				{
					inCarData[PR_keys] &= ~(KEY_FIRE | KEY_ACTION);
				}
			}
			//---------------------------------------------------
			
			
			
			BS_SetWriteOffset(bs, 8);
			BS_WriteInCarSync(bs, inCarData);
			
			BS_ResetReadPointer(bs);
			BS_ResetWritePointer(bs);
		}
		case PASSENGER_SYNC:
		{
			if(IsWasted(playerid)) return Y_HOOKS_BREAK_RETURN_0;
			
			new health, armour;
			
			health = floatround(s_Health[playerid], floatround_floor);
			armour = floatround(s_Armour[playerid], floatround_floor);
			
			BS_SetWriteOffset(bs, 8 + 16 + 2 + 6 + 2 + 6);
			
			BS_WriteValue(
				bs,
				PR_UINT8, health,
				PR_UINT8, armour
			);
			
			BS_ResetWritePointer(bs);
		}
	}
	return 1;
}

Function BS_ResetWritePointer empties BitStream data. No reason to use it after BS_WriteValue, it is nonsense.

I think it is a cause of the issue.

> without BS_ResetWritePointer, crashes in Windows

Are you sure?

Yes, I've tested this code again on Windows.


[23/02/2021 08:19:48] [connection] incoming connection: 127.0.0.1:56702 id: 0
[23/02/2021 08:19:49] [join] [STT]Rodrigo[DN] has joined the server (0:127.0.0.1)
[23/02/2021 08:19:56] this prints before the crash
[23/02/2021 08:19:56] [debug] Server crashed due to an unknown error
[23/02/2021 08:19:56] [debug] Native backtrace:
[23/02/2021 08:19:56] [debug] #0 77c55e2c in ?? () from C:\Windows\SYSTEM32\ntdll.dll
[23/02/2021 08:19:56] [debug] #1 77c18786 in ?? () from C:\Windows\SYSTEM32\ntdll.dll
[23/02/2021 08:19:56] [debug] #2 00498f01 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #3 00450046 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #4 00491141 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #5 0049127c in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #6 0048d4fb in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #7 0049b591 in ?? () from samp-server.exe
[23/02/2021 08:19:56] [debug] #8 0049b5a1 in ?? () from samp-server.exe

You are confusing something; the max for this packet is 456, not 552.

@Dmitriy51

Code from plugin include:

BS_ReadValue(
	bs,
	PR_UINT16, data[PR_lrKey],
	PR_UINT16, data[PR_udKey],
	PR_UINT16, data[PR_keys],
	PR_FLOAT3, data[PR_position],
	PR_FLOAT4, data[PR_quaternion],
	PR_UINT8, data[PR_health],
	PR_UINT8, data[PR_armour],
	PR_BITS, data[PR_additionalKey], 2,
	PR_BITS, data[PR_weaponId], 6,
	PR_UINT8, data[PR_specialAction],
	PR_FLOAT3, data[PR_velocity],
	PR_FLOAT3, data[PR_surfingOffsets],
	PR_UINT16, data[PR_surfingVehicleId],
	PR_INT16, data[PR_animationId],
	PR_INT16, data[PR_animationFlags]
);

8+16+16+16+(3*32)+(4*32)+8+8+2+6+8+(3*32)+(3*32)+16+16+16 = 552 (first 8 bits is packet ID)

You are right, I forgot data[PR_surfingOffsets]
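
The size check the reporter describes ("check the size of the packet before writing it"), modelled in C as an added example; it is not code from this thread or from Pawn.RakNet. It derives the 280-bit health offset and the 552-bit total from the field list quoted above and refuses to patch a packet shorter than the bits it would overwrite. The function names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-foot sync layout as listed in the thread (widths in bits,
 * first 8 bits are the packet ID). */
struct field { const char *name; unsigned bits; };

static const struct field ONFOOT_LAYOUT[] = {
    {"packetId", 8}, {"lrKey", 16}, {"udKey", 16}, {"keys", 16},
    {"position", 3 * 32}, {"quaternion", 4 * 32},
    {"health", 8}, {"armour", 8},
    {"additionalKey", 2}, {"weaponId", 6}, {"specialAction", 8},
    {"velocity", 3 * 32}, {"surfingOffsets", 3 * 32},
    {"surfingVehicleId", 16}, {"animationId", 16}, {"animationFlags", 16},
};
#define ONFOOT_FIELDS (sizeof ONFOOT_LAYOUT / sizeof ONFOOT_LAYOUT[0])

/* Sum of all field widths: the length of a complete packet. */
unsigned long layout_total_bits(void)
{
    unsigned long total = 0;
    for (size_t i = 0; i < ONFOOT_FIELDS; i++)
        total += ONFOOT_LAYOUT[i].bits;
    return total;
}

/* Bit offset of a named field, or -1 if the layout has no such field. */
long field_offset_bits(const char *name)
{
    long off = 0;
    for (size_t i = 0; i < ONFOOT_FIELDS; i++) {
        if (strcmp(ONFOOT_LAYOUT[i].name, name) == 0)
            return off;
        off += (long)ONFOOT_LAYOUT[i].bits;
    }
    return -1;
}

enum patch_result { PATCH_OK = 0, PATCH_TOO_SHORT = -1, PATCH_UNALIGNED = -2 };

/* Overwrite health and armour in place.
 * bits_used is the length the sender actually supplied; it is untrusted,
 * so the write happens only if both bytes already exist in the packet. */
int patch_health_armour(uint8_t *pkt, size_t bits_used,
                        uint8_t health, uint8_t armour)
{
    long off = field_offset_bits("health");
    if (off < 0 || off % 8 != 0)
        return PATCH_UNALIGNED;          /* this model only does byte writes */
    if (bits_used < (size_t)off + 16)    /* health (8) + armour (8) */
        return PATCH_TOO_SHORT;          /* leave the short packet untouched */
    pkt[off / 8] = health;
    pkt[off / 8 + 1] = armour;
    return PATCH_OK;
}

int main(void)
{
    /* Constructed samples: a full-length packet and a truncated one. */
    uint8_t full_pkt[69] = {207};
    uint8_t short_pkt[20] = {207};

    printf("layout total: %lu bits, health offset: %ld bits\n",
           layout_total_bits(), field_offset_bits("health"));
    printf("full packet  -> %d\n",
           patch_health_armour(full_pkt, sizeof full_pkt * 8, 100, 50));
    printf("short packet -> %d\n",
           patch_health_armour(short_pkt, sizeof short_pkt * 8, 100, 50));
    return 0;
}
```
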