[Crash] Unchecked this.player.modifiers.* access in setModifiers packet #56
Description
Summary
Game server crashes when this.player.modifiers is undefined while building modifier packet.
Affected Code
server-game/src/client.js:562-568 (7 accesses)
output.packInt8U(this.player.modifiers.scale * 10); // CRASH if modifiers undefined
output.packInt8(this.player.modifiers.regenModifier * 10);
output.packInt8(this.player.modifiers.speedModifier * 10);
output.packInt8(this.player.modifiers.gravityModifier * 10);
output.packInt8(this.player.modifiers.damageModifier * 10);
output.packInt8(this.player.modifiers.resistanceModifier * 10);
output.packInt8(this.player.modifiers.jumpBoostModifier * 10);Vulnerability
If player initialization incomplete or modifiers not set.
Impact
- Game server crash when sending modifiers
- Denial of service
Recommended Fix
output.packInt8U((this.player.modifiers?.scale || 1) * 10);
output.packInt8((this.player.modifiers?.regenModifier || 0) * 10);
output.packInt8((this.player.modifiers?.speedModifier || 0) * 10);
output.packInt8((this.player.modifiers?.gravityModifier || 0) * 10);
output.packInt8((this.player.modifiers?.damageModifier || 0) * 10);
output.packInt8((this.player.modifiers?.resistanceModifier || 0) * 10);
output.packInt8((this.player.modifiers?.jumpBoostModifier || 0) * 10);