From 31eedd7e7e68394a8d3c8bbd2dfe802c3bc34bc0 Mon Sep 17 00:00:00 2001
From: Martin Michelsen
Date: Sun, 5 Oct 2025 10:48:44 -0700
Subject: [PATCH] work around 6xD9 client bug
---
 src/CommandFormats.hh | 5 ++++-
 src/ReceiveSubcommands.cc | 3 ++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/CommandFormats.hh b/src/CommandFormats.hh
index a5dea0fa..27bd8f3d 100644
--- a/src/CommandFormats.hh
+++ b/src/CommandFormats.hh
@@ -6356,7 +6356,10 @@ struct G_AddSRankWeaponSpecial_BB_6xD8 {
 } __packed_ws__(G_AddSRankWeaponSpecial_BB_6xD8, 0x24);
 // 6xD9: Momoka item exchange (BB; handled by server)
-// The client sends this when it executes an F95B quest opcode.
+// The client sends this when it executes an F95B quest opcode. The client has
+// an unfortunate bug where it doesn't set the size field when generating this
+// command, so the size ends up as an uninitialized value and the client sends
+// more (or less!) data than necessary.
 struct G_MomokaItemExchange_BB_6xD9 {
 G_ClientIDHeader header;
diff --git a/src/ReceiveSubcommands.cc b/src/ReceiveSubcommands.cc
index bcf0f430..cf7aac09 100644
--- a/src/ReceiveSubcommands.cc
+++ b/src/ReceiveSubcommands.cc
@@ -5194,7 +5194,8 @@ static asio::awaitable on_momoka_item_exchange_bb(shared_ptr c, Su
 throw runtime_error("6xD9 command sent during free play");
 }
- const auto& cmd = msg.check_size_t();
+ // See notes in CommandFormats.hh about why we allow larger commands here
+ const auto& cmd = msg.check_size_t(0xFFFF);
 auto s = c->require_server_state();
 auto p = c->character_file();
 try {
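Review bot: The relaxed call `msg.check_size_t(0xFFFF)` in on_momoka_item_exchange_bb raises only the upper bound, while the new comment in CommandFormats.hh says the client can also send less data than the struct needs. If the one-argument form keeps the struct size as the minimum (its definition is not visible here), undersized commands are still rejected, which is the safe outcome because treating a truncated buffer as the full struct would read past the received data; the comment should state that explicitly. The extra trailing bytes that are now accepted are uninitialized client memory, so the handler should keep reading only `cmd` and never log or relay the raw payload. Suggested comment, if the minimum does hold: `// Client leaves the size field uninitialized: accept trailing junk up to 0xFFFF bytes (ignored); commands shorter than the struct still throw`. The function starts before and continues past this hunk.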