From e84cebe3754addb5aec91d20a56f5aef0de88097 Mon Sep 17 00:00:00 2001 From: Uleat Date: Mon, 12 Jan 2015 21:15:12 -0500 Subject: [PATCH] Changed OP_FormattedMessage code to eliminate possible oob error --- common/patches/rof.cpp | 17 ++++++++++------- common/patches/rof2.cpp | 17 ++++++++++------- common/patches/sod.cpp | 17 ++++++++++------- common/patches/sof.cpp | 17 ++++++++++------- common/patches/titanium.cpp | 17 ++++++++++------- common/patches/underfoot.cpp | 17 ++++++++++------- zone/client.cpp | 16 ++++++---------- 7 files changed, 66 insertions(+), 52 deletions(-) diff --git a/common/patches/rof.cpp b/common/patches/rof.cpp index 9bf49156f..3346a7823 100644 --- a/common/patches/rof.cpp +++ b/common/patches/rof.cpp @@ -877,26 +877,27 @@ namespace RoF unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToRoFTextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToRoFTextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
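Review bot: The unchanged check `if (new_message_array[i].length() == 0) { break; }` in the second loop of this rof.cpp hunk now runs before `ServerToRoFTextLink` fills `new_message_array[i]`, and every element of that array is default-constructed empty, so the loop breaks on i == 0, nothing is converted, `new_message_size` stays 0 and the client receives a formatted message with no arguments. The intent is evidently to stop at the first unused slot, which is `if (old_message_array[i].length() == 0) { break; }`. Separately, the first loop dereferences `old_message_ptr` and then builds a std::string from it with no bound against `in->size`, so the out-of-bounds read this commit sets out to remove now depends on every producer appending the trailing zero that the client.cpp side adds; comparing the pointer with `(char *)in->pBuffer + in->size` before the dereference and limiting the terminator scan to the remaining bytes would remove that dependency. The enclosing encode function begins before and continues after this hunk.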
@@ -906,10 +907,12 @@ namespace RoF VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/common/patches/rof2.cpp b/common/patches/rof2.cpp index 61d09826a..db48d231d 100644 --- a/common/patches/rof2.cpp +++ b/common/patches/rof2.cpp @@ -943,26 +943,27 @@ namespace RoF2 unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToRoF2TextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToRoF2TextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
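Review bot: In the size loop of the rof2.cpp hunk the context line `if (new_message_array[i].length() == 0) { break; }` is now evaluated before `ServerToRoF2TextLink` has written anything into `new_message_array[i]`; the array is declared empty two lines above, so the first iteration breaks, `new_message_size` stays 0 and no argument reaches the client. The slot test belongs on the source array: `if (old_message_array[i].length() == 0) { break; }`. The first loop still reads `*old_message_ptr` and lets std::string scan for a terminator without comparing the pointer to `(char *)in->pBuffer + in->size`, so the decoder is only as safe as the producer's trailing zero byte. The encode function this sits in starts before and ends after the hunk.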
@@ -972,10 +973,12 @@ namespace RoF2 VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/common/patches/sod.cpp b/common/patches/sod.cpp index 7e4059414..7a118abb0 100644 --- a/common/patches/sod.cpp +++ b/common/patches/sod.cpp @@ -646,26 +646,27 @@ namespace SoD unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToSoDTextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToSoDTextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
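Review bot: The sod.cpp size loop now tests `new_message_array[i].length() == 0` before `ServerToSoDTextLink` populates that element, and since `std::string new_message_array[9]` is freshly default-constructed the test is true on the first iteration; the loop exits immediately, `new_message_size` is 0 and the packet carries no arguments. Moving the call ahead of the check was the old behaviour; keeping the check first requires it to look at the input instead: `if (old_message_array[i].length() == 0) { break; }`. The read loop above it also has no guard that `old_message_ptr` is still inside `in->size` before `*old_message_ptr` and the std::string assignment, so a producer that omits the final zero still walks past the buffer. The surrounding encode function is only partly visible in this hunk.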
@@ -675,10 +676,12 @@ namespace SoD VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/common/patches/sof.cpp b/common/patches/sof.cpp index 942e36581..8040d2287 100644 --- a/common/patches/sof.cpp +++ b/common/patches/sof.cpp @@ -633,26 +633,27 @@ namespace SoF unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToSoFTextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToSoFTextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
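Review bot: In sof.cpp the reordering leaves `if (new_message_array[i].length() == 0) { break; }` as the first statement of the size loop, where `new_message_array[i]` has not yet been assigned by `ServerToSoFTextLink` and is therefore always empty; the loop never converts anything and `new_message_size` is always 0. The line should test the string that was just parsed, `if (old_message_array[i].length() == 0) { break; }`. I would also bound the parse loop, since `*old_message_ptr` and the std::string construction read past `in->pBuffer` whenever the incoming packet is exactly `sizeof(FormattedMessage_Struct)` bytes or lacks a terminating zero; a comparison against `(char *)in->pBuffer + in->size` before each dereference closes that. The enclosing function extends beyond both ends of the hunk.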
@@ -662,10 +663,12 @@ namespace SoF VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/common/patches/titanium.cpp b/common/patches/titanium.cpp index c51f6b078..187ac0bdf 100644 --- a/common/patches/titanium.cpp +++ b/common/patches/titanium.cpp @@ -492,26 +492,27 @@ namespace Titanium unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToTitaniumTextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToTitaniumTextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
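Review bot: The titanium.cpp size loop breaks on `new_message_array[i].length() == 0` before `ServerToTitaniumTextLink` has had a chance to fill `new_message_array[i]`, so with the array default-constructed empty the condition holds at i == 0 and no argument is ever converted or counted in `new_message_size`. The check needs to be on the parsed input, `if (old_message_array[i].length() == 0) { break; }`, which is what the removed post-conversion check effectively did. The first loop's `if (*old_message_ptr == 0)` also dereferences without confirming `old_message_ptr < (char *)in->pBuffer + in->size`, and the following std::string assignment scans unbounded, so the fix for the reported out-of-bounds read rests entirely on the producer writing the extra zero. The encode function begins before and continues after this hunk.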
@@ -521,10 +522,12 @@ namespace Titanium VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/common/patches/underfoot.cpp b/common/patches/underfoot.cpp index 9f595a8e3..ea31aa68f 100644 --- a/common/patches/underfoot.cpp +++ b/common/patches/underfoot.cpp @@ -790,26 +790,27 @@ namespace Underfoot unsigned char *__emu_buffer = in->pBuffer; + char *old_message_ptr = (char *)in->pBuffer; + old_message_ptr += sizeof(FormattedMessage_Struct); + std::string old_message_array[9]; - char *old_message_ptr = (char *)__emu_buffer + sizeof(FormattedMessage_Struct); - for (int i = 0; i < 9; ++i) { + if (*old_message_ptr == 0) { break; } old_message_array[i] = old_message_ptr; old_message_ptr += old_message_array[i].length() + 1; - if (old_message_array[i].length() == 0) { break; } } uint32 new_message_size = 0; std::string new_message_array[9]; for (int i = 0; i < 9; ++i) { - ServerToUnderfootTextLink(new_message_array[i], old_message_array[i]); - new_message_size += (new_message_array[i].length() + 1); if (new_message_array[i].length() == 0) { break; } + ServerToUnderfootTextLink(new_message_array[i], old_message_array[i]); + new_message_size += new_message_array[i].length() + 1; } - in->size = sizeof(FormattedMessage_Struct) + new_message_size; + in->size = sizeof(FormattedMessage_Struct) + new_message_size + 1; in->pBuffer = new unsigned char[in->size]; char *OutBuffer = (char *)in->pBuffer; 
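Review bot: In underfoot.cpp the context line `if (new_message_array[i].length() == 0) { break; }` now precedes the `ServerToUnderfootTextLink` call that populates `new_message_array[i]`; every element is empty at that point, so the size loop exits on its first iteration and the packet is sent with `new_message_size == 0` and no arguments. The guard should examine `old_message_array[i]` instead: `if (old_message_array[i].length() == 0) { break; }`. Independently, the parse loop reads `*old_message_ptr` and builds a std::string from it with no check against `in->size`, so an input without a trailing zero still reads beyond the buffer; comparing against `(char *)in->pBuffer + in->size` first and limiting the scan to the remaining bytes would make the decoder safe on its own. The enclosing function is cut at both edges of the hunk.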
@@ -819,10 +820,12 @@ namespace Underfoot VARSTRUCT_ENCODE_TYPE(uint32, OutBuffer, emu->type); for (int i = 0; i < 9; ++i) { - VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); if (new_message_array[i].length() == 0) { break; } + VARSTRUCT_ENCODE_STRING(OutBuffer, new_message_array[i].c_str()); } + VARSTRUCT_ENCODE_TYPE(uint8, OutBuffer, 0); + delete[] __emu_buffer; dest->FastQueuePacket(&in, ack_req); } diff --git a/zone/client.cpp b/zone/client.cpp index 55775943c..adaa7ce2f 100644 --- a/zone/client.cpp +++ b/zone/client.cpp @@ -2814,7 +2814,7 @@ void Client::Message_StringID(uint32 type, uint32 string_id, const char* message return; int i = 0, argcount = 0, length = 0; - char *bufptr; + char *bufptr = nullptr; const char *message_arg[9] = {0}; if(type==MT_Emote) @@ -2839,8 +2839,7 @@ void Client::Message_StringID(uint32 type, uint32 string_id, const char* message for(; message_arg[argcount]; ++argcount) length += strlen(message_arg[argcount]) + 1; - if (length == 0) - length = 1; + length += 1; EQApplicationPacket* outapp = new EQApplicationPacket(OP_FormattedMessage, sizeof(FormattedMessage_Struct) + length); FormattedMessage_Struct *fm = (FormattedMessage_Struct *)outapp->pBuffer; @@ -2853,8 +2852,7 @@ void Client::Message_StringID(uint32 type, uint32 string_id, const char* message bufptr += strlen(message_arg[i]) + 1; } - if (argcount == 0) - bufptr = '\0'; + bufptr = '\0'; if(distance>0) entity_list.QueueCloseClients(this,outapp,false,distance); @@ -2930,7 +2928,7 @@ void Client::FilteredMessage_StringID(Mob *sender, uint32 type, eqFilterType fil return; int i = 0, argcount = 0, length = 0; - char *bufptr; + char *bufptr = nullptr; const char *message_arg[9] = {0}; if (type == MT_Emote) 
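Review bot: `bufptr = '\0';` at the end of Message_StringID in client.cpp assigns to the pointer rather than to the byte it points at, so the terminating zero that the added `length += 1` reserves is never actually written; it should read `*bufptr = '\0';`. The old code had the same statement behind `if (argcount == 0)`, and making it unconditional does not change that it never touches the buffer. Whether the EQApplicationPacket constructor zero-fills pBuffer is not visible here; if it does not, the patch encoders' new `*old_message_ptr == 0` test reads an uninitialised byte, and if it does, the terminator is present only by accident. Message_StringID's body starts before and continues after this hunk.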
@@ -2954,8 +2952,7 @@ void Client::FilteredMessage_StringID(Mob *sender, uint32 type, eqFilterType fil for (; message_arg[argcount]; ++argcount) length += strlen(message_arg[argcount]) + 1; - if (length == 0) - length = 1; + length += 1; EQApplicationPacket *outapp = new EQApplicationPacket(OP_FormattedMessage, sizeof(FormattedMessage_Struct) + length); FormattedMessage_Struct *fm = (FormattedMessage_Struct *)outapp->pBuffer; @@ -2967,8 +2964,7 @@ void Client::FilteredMessage_StringID(Mob *sender, uint32 type, eqFilterType fil bufptr += strlen(message_arg[i]) + 1; } - if (argcount == 0) - bufptr = '\0'; + bufptr = '\0'; QueuePacket(outapp); safe_delete(outapp);
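Review bot: The unconditional `bufptr = '\0';` in FilteredMessage_StringID has the same problem as its twin in Message_StringID: it stores into the pointer variable, not into the packet, so the extra byte reserved by `length += 1` in the previous hunk is never set. The line should be `*bufptr = '\0';`. Nothing in this hunk shows the buffer being zeroed at allocation, so the decoders' reliance on a trailing zero is unproven from this side. FilteredMessage_StringID's body begins before this hunk.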