Bungie turns off Future 2 textual content chat to stop malicious exploitation

Screenshot of a character in Destiny 2
Enlarge / It’s quiet…so quiet…

Over the weekend, the players in Fate 2 community started arrive notice a game-breaking bug that can be triggered simply by sending in-game chat messages to other players. Bungie reply on saturday by temporarily turning off all in-game chat while investigating the issue.

“The team is aware of the exploit right now that is causing a number of players to be sent off and is actively working to identify the cause of the problem and address it,” Fate 2 Community Manager Liana Rupert wrote on Twitter right before the chat was turned off in the game.

Scrub those inputs

The malicious exploit involved a string longer than 200 characters, consisting mainly of Chinese characters, according to many players who viewed it over the weekend (and who shared the banned text with Ars Technica. ). How specifically these Chinese characters encoded in Unicode which means each can take up more memory space a one-byte ASCII character.

Observer suggestions that difference means that the message, as encoded, can overflow into other areas of memory in the game, even if the message itself appears to meet the usual character length checks intended to prevent this. The result of that overflow is so-called WEASEL error that immediately ruins the receiver’s game, as can be seen in this sample video.

Prior to the shutdown, players could be exploited through the game’s targeted “whisper” chat messages or through local chat messages sent from members of the Fireteam’s Fireteam. only you.

LifeText troubles come months after Amazon New world MMO faces trouble from players figure out how to handle HTML string in game chat box. This leads to multiple exploits include one fills the player’s screen with images of giant sausages and another The game crashes when the player hovers over a specially formatted link.

Bungie had hotfix release schedule on Tuesday, August 2nd, so this whole issue can be completely resolved in no time. But let this be a lesson to all of you programmers out there: make sure you’re thoroughly cleaning up your inputs before letting them be sent through your game chat!

Leave a Comment