Over the weekend, gamers within the Future 2 group began to discover a game-breaking bug that may very well be activated simply by sending in-game chat messages to different gamers. Bungie responded on Saturday by quickly disabling all in-game chat whereas it investigates the problem.
“The workforce is conscious of the exploit proper now that’s inflicting some gamers to be kicked and are actively engaged on figuring out what’s inflicting the problem and addressing it,” Future 2 Neighborhood Supervisor Liana Rupert wrote on Twitter simply earlier than chat was disabled throughout the sport.
Scrub these inputs
The damaging exploit concerned a string over 200 characters lengthy, composed principally of Chinese language characters, based on a number of gamers who got here throughout it over the weekend (and who shared the forbidden textual content with Ars Technica). The precise means these Chinese language characters are encoded in Unicode means every one can take up extra reminiscence house than a single-byte ASCII character.
Observers recommend that distinction means the message, as encoded, might overflow into different areas of in-game reminiscence, even when the message itself appeared to fulfill the same old character-length checks meant to stop this. The results of that overflow was a so-called WEASEL error that instantly crashed the recipient’s recreation, as might be seen in this pattern video.
Earlier than the shutdown, gamers may very well be hit by the exploit by way of the sport’s focused “whisper” chat messages or by way of native chat messages despatched from members of your individual Fireteam.
Future‘s textual content troubles come months after Amazon’s New World MMO confronted bother from gamers who found out learn how to course of HTML strings within the in-game chat field. This led to a number of exploits together with one which flooded gamers’ screens with photos of large sausages and one other that crashed video games when gamers hovered over a specifically formatted hyperlink.
Bungie had already scheduled a hotfix rollout for Tuesday, August 2, so this complete subject may very well be totally resolved relatively shortly. However let this be a lesson to all you coders on the market: be sure you’re totally sanitizing your inputs earlier than letting them get despatched throughout your gaming chat!