Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Integer Overflow Bug Leads To Diablo III Gold Duping

Soulskill posted about a year ago | from the many-foreheads-were-slapped dept.

The Almighty Buck 160

Nerval's Lobster writes "Online economies come with their own issues. Case in point is the Auction House for Diablo III, a massively multiplayer game in which players can pay for items in either in-game gold or real-world dollars. Thanks to a bug in the game's latest patch, players could generate massive amounts of virtual gold with little effort, which threatened to throw the in-game economy seriously out of whack. Diablo series publisher Blizzard took corrective steps, but the bug has already attracted a fair share of buzz on gaming and tech-news forums. 'We're still in the process of auditing Auction House and gold trade transactions,' read Blizzard's note on the Battle.net forums. 'We realize this is an inconvenience for many of our players, and we sincerely apologize for the interruption of the service. We hope to have everything back up as soon as possible.' Blizzard was unable to offer an ETA for when the Auction House would come back. 'We'll continue to provide updates in this thread as they become available.' Diablo's gold issue brings up (however tangentially) some broader issues with virtual currencies, namely the bugs and workarounds that can throw an entire micro-economy out of whack. But then again, 'real world' markets have their own software-related problems: witness Wall Street's periodic 'flash crashes' (caused, many believe, by the rise of ultra-high-speed computer trading)." It seems likely the gold duping was due to a simple integer overflow bug. A late change added to the patch allowed users to sell gold on the Real Money Auction House in stacks of 10 million rather than stacks of 1 million. On the RMAH, there exists both a cap ($250) and a floor ($0.25) for the value of auctions. With stacks of 1 million and a floor of $0.25, a seller could only enter 1 billion gold (1,000 stacks) while staying under the $250 cap. When the gold stack size increased, the value of gold dropped significantly. At $0.39 per 10 million, a user could enter values of up to 6.4 billion gold at a time. Unfortunately, the RMAH wasn't designed to handle gold numbers above 2^31, or 2,147,483,648 gold. Creating the auction wouldn't remove enough gold, but canceling it would return the full amount.

cancel ×

160 comments

Sorry! There are no comments related to the filter you selected.

fri$t p0st!!! (1)

luckymae (2691983) | about a year ago | (#43669543)

since 10 years ago! first post!!!

Limit checking (5, Insightful)

girlintraining (1395911) | about a year ago | (#43669547)

And this class, is why we use explicit type casting and do sanity checks (checking limits) prior to processing. Now, if you'll look on your screens, you'll see another example of this. Here is a failed mission to Mars, caused because the wrong unit of measurement was put into the computer, a problem caused by the lack of the human brain's compiler to make use of any data type except 'variant' and 'object'... So, what have we learned?

Re:Limit checking (2)

Samantha Wright (1324923) | about a year ago | (#43669621)

That Ada prevails in all things?

Re:Limit checking (1, Insightful)

solidraven (1633185) | about a year ago | (#43669781)

Yep, Ada and the closely related VHDL are both a success story for a very good reason. Yet a lot of people seem to hate both due to how strictly they enforce their rules. But Ada always wins when reliability is a must.

Re:Limit checking (2)

djlowe (41723) | about a year ago | (#43670515)

Hi,

That Ada prevails in all things?

Well, I suspect that you're being snarky, but you have a point. Sort of, in the sense that "If we can't trust the programmers to write good code, always, then we can force them to use a language that at least forestalls the worst of their blunders."

The real issue, of course, is NOT technical, at the programmer/developer level, for such a project. It's administrative, in the sense that, regardless of the chosen programming language, bad code that would allow this should NEVER have passed review.

Assuming that they set up such properly, of course, which apparently isn't the case.

And the latter, too, isn't a technical matter either, really.

Just my opinion.

Regards,

dj

Re:Limit checking (2)

Samantha Wright (1324923) | about a year ago | (#43671265)

That's basically it, yes. If I had my radical hat on, I might even go so far as to say this is yet more evidence that C (or, in this case C++) is not suitable for non-high-performance application-layer programming... but I dunno, it's getting pretty late.

Re:Limit checking (2, Funny)

Anonymous Coward | about a year ago | (#43669697)

tat puters' is hard.

Re:Limit checking (2, Interesting)

Anonymous Coward | about a year ago | (#43669707)

So, what have we learned?

That C is scaryscary and we're too lazy to do type checking, so we'll keep using the trendy, make-money-now languages, treating this as an outlier that won't happen to us, since we're so smart?

Re:Limit checking (5, Funny)

TubeSteak (669689) | about a year ago | (#43669729)

So, what have we learned?

That 2^31 gold ought to be enough for anybody?

Re:Limit checking (2, Informative)

girlintraining (1395911) | about a year ago | (#43670251)

That 2^31 gold ought to be enough for anybody?

Gryfindor loses 50 points.

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43670399)

Gryffindor has two f's.

Re:Limit checking (1)

Culture20 (968837) | about a year ago | (#43670653)

Yes. I hate games where gold is weightless. How does someone carry around that much gold?

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43671045)

If your character has trouble carrying 2^31 gold atoms, that's probably the least of its problems.

Re:Limit checking (1)

Entropius (188861) | about a year ago | (#43672333)

Ask Joseph Smith; his mor(m)ons apparently figured that out.

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43672515)

Gold, shmold. A good Mormon gets their own universe to rule as god. Though they are going to be mighty lonely if their children are all good (male) Mormons and get their own universes to rule.

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43672439)

6x10^23 gold atoms is 200 grams. 2^31 gold atoms is a picogram, which is the wet mass of an e. coli bacterium.

2^88 gold atoms is 100kg, which is probably more than a person wants to be carrying around.

Re:Limit checking (-1)

Anonymous Coward | about a year ago | (#43669815)

And this class, is why we use explicit type casting...

Grammar police here. You're missing a comma. That should say:

And this, class, is why we use explicit type casting...

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43669819)

What have we learned? That it's best to perform all monetary transactions in arbitrary-precision unary. 8^D

p.s. The only downside it's much harder to write out 5318008 in unary, and /.'s lameness filter stopped me before I got anywhere close. :-(

Re:Limit checking (1)

Anonymous Coward | about a year ago | (#43669903)

So, what have we learned?

That next time when we launch something headed to Mars, we should duct tape you to it, with a sign that reads:

if (ego > INT_MAX)
airsupply = INT_MAX+1; // Just to make sure there's enough to make it back

Let us know what Mars is like, and take some pretty pictures while there. Try not to upset the rovers too much, once their clock overflows they get quite moody.

Re:Limit checking (1)

Anonymous Coward | about a year ago | (#43672141)

Warning: Unreachable code.

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43669969)

And this class, is why we use explicit type casting and do sanity checks (checking limits) prior to processing. Now, if you'll look on your screens, you'll see another example of this. Here is a failed mission to Mars, caused because the wrong unit of measurement was put into the computer, a problem caused by the lack of the human brain's compiler to make use of any data type except 'variant' and 'object'... So, what have we learned?

That girlintraining is actually captain hindsight?

Well done! Well done! That's some mighty fine no-shit-sherlock work you're doing there and I'm glad every single test case was instantly obvious to you while they're clearly just standing around with their thumbs up their asses!

Go ahead and throw stones as you've clearly never erred in deploying production code that equates to hundreds of thousands of lines of code.

Re:Limit checking (4, Insightful)

Austerity Empowers (669817) | about a year ago | (#43670205)

So, what have we learned?

Gamers gonna game, and real money auction houses are a bad idea...

Re:Limit checking (1)

AlamedaStone (114462) | about a year ago | (#43670237)

[...] real money auction houses are a bad idea...

Some of us knew this a long, long time ago. I have to admit, I'm feeling terribly smug right now.

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43671251)

You just overflowed the smugness scale?

Re:Limit checking (0)

Anonymous Coward | about a year ago | (#43671163)

Gamers gonna game the RMAH.

Re:Limit checking (4, Funny)

Jesus_666 (702802) | about a year ago | (#43670639)

So, what have we learned?

To always use 64-bit numbers, duh.

Re:Limit checking (3, Informative)

broken_chaos (1188549) | about a year ago | (#43671685)

One bug, which I reported about WoW two years ago, shows an integer underflow on a character statistics page under certain conditions. It still hasn't been fixed. Minor? Yeah, but give a bit of a pattern.

Arrests will be made... (0)

Anonymous Coward | about a year ago | (#43669581)

And several arrests - this is computer hacking of exploiting a known bug to your advantage.

Re:Arrests will be made... (0)

dingen (958134) | about a year ago | (#43669807)

Yeah, I'm sure the Chinese government is very upset with these hackers who just made them lots of American dollars.

Re:Arrests will be made... (0)

Anonymous Coward | about a year ago | (#43670029)

Oh, honey...

Re:Arrests will be made... (4, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43670175)

And several arrests - this is computer hacking of exploiting a known bug to your advantage.

It will actually be interesting to see. Historically, people who come up with glitch exploits, even in multiplayer and MMORPG contexts, just get banned for some ToS reason. Blizzard's precious little 'Auction House', of course, might change that. However, I suspect that Blizzard really doesn't want to push the idea that 'in-game items are legally real value' too seriously, both because that could complicate things if players end up 'owning' them, rather than the current "Everything in this game is just intellectual property of blizzard...yadda yadda, licensed not sold,etc.", and because it would be a real blow, to the US customer base, if it were decided that Blizzard was running something closer to a very complex flavor of video poker, rather than a mere video game that you can buy some DLC for.

Obviously Blizzard won't be happy, and the banhammer will see some use; but they might want to tread lightly.

Re:Arrests will be made... (1)

Impy the Impiuos Imp (442658) | about a year ago | (#43670357)

It's too bad every organization that flips a few bits and creates tens of billions out of nothing doesn't go to jail.

Re:Arrests will be made... (1)

Bing Tsher E (943915) | about a year ago | (#43670875)

The US Government can't all be fit into a jail.

Re:Arrests will be made... (0)

Anonymous Coward | about a year ago | (#43671433)

Just the senators, congressmen, president, vice presidenc, and department heads would be fine by me.

Re: Arrests will be made... (0)

Anonymous Coward | about a year ago | (#43671853)

Everyone sucks but me!!!
I know all the answers and if I were dictator everything would be rainbows and puppy dogs! ...dumbass

Obligatory Big Bang Theory reference (-1)

Anonymous Coward | about a year ago | (#43669667)

I'm just a dumb gamer wanna be geek who wants to sound smart but my science education came from a gay ass sitcom.

Re:Obligatory Big Bang Theory reference (0)

Anonymous Coward | about a year ago | (#43670189)

Yes, you are. We can tell, because that's the only sort of person who gets their panties in a twist about TV shows.

Re:Obligatory Big Bang Theory reference (1)

Entropius (188861) | about a year ago | (#43672343)

So is it a sitcom that is gay and about asses, or an ass sitcom that is gay, or a sitcom about gay asses?

ah the day of the diablo II trainer (5, Funny)

Revek (133289) | about a year ago | (#43669711)

I remember the day when you could strip the gear off anyone playing a multiplayer game with the trainer. I usually used it on jerks who came in collecting ears. If someone came in you could quickly look at their inventory and if they had several ears you could clear out their inventory and gear. They wouldn't know visually until they tried to hit you at which time they would be completely naked. It was really fun when they re-spawned and came back to loot their body and you started dropping some of the ears they collected on the ground.

Re:ah the day of the diablo II trainer (0)

Anonymous Coward | about a year ago | (#43669989)

So if somebody played the game differently than you they were "jerks"?

Re:ah the day of the diablo II trainer (3, Interesting)

Revek (133289) | about a year ago | (#43670455)

You mean the guy with the duped jacked up account that guaranteed that they could one hit you every time? Yeah I messed with his world. Now the guy without the duped jacked up shit I could handle myself. I had fun but I mostly used it to contain the guy who would come in at the 11th hour and whack all of us with his duped gear and finish the game to get some legit gear all to himself. So yes if they played the game like a luser I spanked them.

Re:ah the day of the diablo II trainer (0)

GigaplexNZ (1233886) | about a year ago | (#43671345)

By my definition, you were playing the game like a "luser".

Re:ah the day of the diablo II trainer (1)

Anonymous Coward | about a year ago | (#43671809)

By my definition, the "loser" is you.

Perspective... (0)

Anonymous Coward | about a year ago | (#43669751)

This bug "threatened to throw the in-game economy seriously out of whack", yet some people had over 2.1 BILLION gold to throw on the AH?

Re:Perspective... (1)

gl4ss (559668) | about a year ago | (#43670171)

This bug "threatened to throw the in-game economy seriously out of whack", yet some people had over 2.1 BILLION gold to throw on the AH?

yeah the game is basically a joke already.

the wall street flash crashes have NOTHING AT ALL to do with this though. NOTHING.

because the wall street would be really out of business if someone managed to dupe shares.

Re:Perspective... (2)

UnknownSoldier (67820) | about a year ago | (#43670255)

Agreed.

Auction House Simulator, aka, Diablo 3, is boring.

Path of Exile is the true spiritual sucessor to Diablo 2, not that piece of garbage called Diablo 3 with cardboard cutout characters. The PoE designers understand the ONE word that made Diablo 2 fun: itemization.

Re:Perspective... (1)

Moheeheeko (1682914) | about a year ago | (#43671083)

Too bad its always online bullshit with very poor connection speeds. Half the things I kill in that game die a full second after they are hit, and I have great internet.

Re:Perspective... (0)

Anonymous Coward | about a year ago | (#43671821)

Too bad its always online bullshit with very poor connection speeds. Half the things I kill in that game die a full second after they are hit, and I have great internet.

Connection speeds means bandwidth. The problem you're having is latency.

Re:Perspective... (2)

GigaplexNZ (1233886) | about a year ago | (#43671357)

Path of Exile is the true spiritual sucessor to Diablo 2

That title goes to the Torchlight series.

Re:Perspective... (2, Insightful)

Anonymous Coward | about a year ago | (#43670605)

because the wall street would be really out of business if someone managed to dupe shares.

Sorry. What you call "duping shares" they call "naked short selling", and they are still very much in business.

Beginner's Mistake (2, Funny)

Anonymous Coward | about a year ago | (#43669813)

What a beginner's mistake. I wonder what the rationale was for not using a 64-bit integer; "It's wasteful!"

Re:Beginner's Mistake (2, Insightful)

Anonymous Coward | about a year ago | (#43669899)

It's simple really...

They elected to buy 2 newbie programmers for the price of 1 experienced one! And the new guys will work all night! It's win-win!

Re:Beginner's Mistake (0)

Anonymous Coward | about a year ago | (#43670443)

Internally, we had this super hardcore test group, and we got it to the point where they hated the game. Then we doubled it.

Whatever happened to that "super hardcore test group" anyway?

Integer overflow you say? (1)

folderol (1965326) | about a year ago | (#43669967)

How quaint. I can't remember the last time I saw one of those (except where deliberately created for loop counters etc.).

Re:Integer overflow you say? (2)

gl4ss (559668) | about a year ago | (#43670209)

How quaint. I can't remember the last time I saw one of those (except where deliberately created for loop counters etc.).

well, this serves more as an example of how fucked up the game economics already were in D3, because the problem came up from having to increase stack sizing from 1 to 10 million.

I mean, wtf, is diablo 3 set in zimbabwe?

Re:Integer overflow you say? (1)

imsabbel (611519) | about a year ago | (#43671241)

Its a game where money is not really "destroyed", but created everytime a monster is killed. OF COURSE it has inflation.

Re:Integer overflow you say? (0)

Anonymous Coward | about a year ago | (#43671761)

Way more common than you would think: http://www.cs.utah.edu/~regehr/papers/overflow12.pdf

Hyperinflation (0)

Anonymous Coward | about a year ago | (#43670111)

Part of the reason I stopped playing D3 was hyper-inflation. I didn't want to spend real money on items, but my gold (which I spent a long time collecting) was completely useless for buying items of worth.

Also the game was tuned to make it impossible to farm hell chapter 3-4 without the best items...and the only practical way to get there was to have those items already...which meant buying items...with useless gold. We see the problem here, ja?

Re:Hyperinflation (1)

fuzzyfuzzyfungus (1223518) | about a year ago | (#43670261)

I suspect that the desire to get people plunking down real money didn't help; but MMORPGs have a long history of economies that render their currencies nearly entirely obsolete after a short time, at least for anybody who isn't a level 3 newb saving up for stuff that the NPC blacksmith actually sells. Even 'open world' single player RPGs frequently succumb to "I have more money than the world has things to buy"-itis after a few levels.

Re:Hyperinflation (1)

GigaplexNZ (1233886) | about a year ago | (#43671367)

Farming Hell 3-4 was easy. Perhaps you mean Inferno?

Bad PR? (1)

TubeSteak (669689) | about a year ago | (#43670131)

What could Blizzard do? Performing a roll-back would wipe all progress obtained by players for the patch day, which would result in a lot of bad PR. But leaving the economy as-is will devalue all items in the game (and Diablo III is all about getting items).

In the end, Blizzard has not done a roll-back, but instead banned anyone who duped, and refunded anyone who spent real money. The bug was temporarily fixed by reverting the patch note which caused the entire mess.

Why would rolling back 1 day of gameplay be such a disastrous event?

Re:Bad PR? (4, Insightful)

gl4ss (559668) | about a year ago | (#43670183)

What could Blizzard do? Performing a roll-back would wipe all progress obtained by players for the patch day, which would result in a lot of bad PR. But leaving the economy as-is will devalue all items in the game (and Diablo III is all about getting items).

In the end, Blizzard has not done a roll-back, but instead banned anyone who duped, and refunded anyone who spent real money. The bug was temporarily fixed by reverting the patch note which caused the entire mess.

Why would rolling back 1 day of gameplay be such a disastrous event?

why? because people spent actual money and made actual money?

Re:Bad PR? (1)

happylight (600739) | about a year ago | (#43670203)

Rolling back millions of players most of whom haven't even heard of the dupe? Or ban the handful of people who were involved in the dupe and revert any transaction they had with other people? Seems like an easy choice.

Re:Bad PR? (1)

Anonymous Coward | about a year ago | (#43671461)

Or ban the handful of people who were involved in the dupe and revert any transaction they had with other people?

Duper pays innocent one 5000 gold (for a total of 6000 gold in innocent one's bank). Innocent one pays innocent two 4000 gold (4500 in bank). Innocent two pays innocent three 4200 gold. So on and so forth. Even though they are innocent, one, two, and three still have transactions based on duped gold. Do you revert those transactions or not? What about innocent four who pays innocent five 500 gold for an item that should have only cost 5 gold? It's not clear that any transactions after the dupes started were truly authentic.

Note: the gold amounts are obviously low. The actual amounts were probably more like 500,000,000, etc. I just didn't want to write all those zeroes or million gold everywhere.

Re:Bad PR? (1)

Hentes (2461350) | about a year ago | (#43670319)

IIs that even possible? Are they keeping backups of the game state for every single day?

Re:Bad PR? (1)

seebs (15766) | about a year ago | (#43670837)

So far as I know, most online games have a transaction store, so they can roll back to any second they want.

Re:Bad PR? (1)

Lakitu (136170) | about a year ago | (#43670503)

uh, are you kidding?

It's because people paid for a game, were force-fed always-online-even-for-single-player, and then may have spent hours playing on the day in question.

How is that not disastrous?

Re:Bad PR? (1)

GigaplexNZ (1233886) | about a year ago | (#43671377)

Why would rolling back 1 day of gameplay be such a disastrous event?

So you wouldn't mind paying $250 for an item, and then lose the item due to Blizzard rolling back?

Confused (3, Insightful)

Murdoch5 (1563847) | about a year ago | (#43670163)

Why are they using a signed int for the gold amount? If the lowest gold amount is 0 then you should use an unsigned int which would double the possible value. Although in either case a simple if statement could of prevented this entire issue.

Re:Confused (2)

UnknownSoldier (67820) | about a year ago | (#43670281)

Lazy programers with no foresight.

It is same reason people "assumed" a 32-bit IP address would be enough instead of just using 64-bit from the beginning.

There is never time to do it right, but there is always time to do it over!

Re:Confused (1)

Murdoch5 (1563847) | about a year ago | (#43670353)

well I can see the logic for IPV4 when it came out, I mean at the time 4 billion IP's was unthinkable. But as for lazy programming, I completely agree.

Re:Confused (0)

Anonymous Coward | about a year ago | (#43671387)

They wanted to use 128bit from the beginning, but they figured it would be easier to explain to managers on a 32bit design, but then the prototype went live.

Re:Confused (1)

Shennan (7821) | about a year ago | (#43670287)

In general, it's a good idea to used signed ints whenever possible.

Here are the only 2 reasons I see for unsigned ints:
- matching hardware or wire spec
- You need the extra range afforded, and don't need negative numbers.

And the reasons for using signed integers otherwise:
- It prevents other overflow and comparison problems. Ie, fixes other dumb coding issues like "if (my_gold - your_gold > 0)" becomes a bug when the gold types are unsigned.

Re:Confused (1)

Murdoch5 (1563847) | about a year ago | (#43670379)

I completely disagree, unless you have a reason to support numbers less then 0 you should always go with unsigned. Also depending on the language unsigned int's are safer and have standardized behaviour imposed, for instance in C an unsigned int must behave in a very predictable manor well a signed int doesn't have the same restrictions.

Re:Confused (5, Informative)

Anonymous Coward | about a year ago | (#43670569)

You couldn't be more wrong. Signed ints are usually the best way to go in C/C++.

>in C an unsigned int must behave in a very predictable manor

"unsigned int x = -3;" generates no compile errors or warnings.

If you don't believe me, listen to the creator of C++ (Bjarne Stroustrup):

"The unsigned integer types are ideal for uses that treat storage as a bit array. Using an unsigned instead of an int to gain one more bit to represent positive integers is almost never a good idea. Attempts to ensure that some values are positive by declaring variables unsigned will typically be defeated by the implicit conversion rules."

Re:Confused (0)

c++0xFF (1758032) | about a year ago | (#43670723)

Too bad you're an AC. This post is spot-on.

Mixing signed and unsigned values can result in unexpected behavior. Trust me, don't mix them if you can avoid it.

You get a bit of a larger upper range (2x more, not all that much really), while introducing a whole new set of problems at the bottom end (what if you underfow?).

Avoid unsigned unless there's a good reason to use it. There are definitely good reasons -- it's a pain that Java got rid of unsigned! -- but avoid in general. Don't just use unsigned if your values are never supposed to go negative. If you need larger range, go to a larger data type.

Re:Confused (0)

Anonymous Coward | about a year ago | (#43672495)

Too bad you're an AC. This post is spot-on.

? Why is it too bad he's an AC?

Re:Confused (5, Interesting)

flargleblarg (685368) | about a year ago | (#43671337)

You couldn't be more wrong. Signed ints are usually the best way to go in C/C++.

Actually, he's not wrong at all. He said signed integers don't behave in a very predictable manner, and he's right. Signed integers have undefined (actually, to be more precise, implementation-defined) behavior for mod and div of negative values. You cannot be sure whether -4 / 3 is -1 or -2, without knowing how your compiler implements it. Some round toward zero, others toward negative infinity. Recent drafts of C++ are trying to fix this.

Re:Confused (1)

Old Wolf (56093) | about a year ago | (#43672407)

"unsigned int x = -3;" generates no compile errors or warnings.

This supports the point of the poster you were referring to. The code is correct, predictable, and generates no warnings.

If you don't believe me, listen to the creator of C++

C and C++ are different languages. The implicit conversion rules and the promotion rules are different in C++ to C. In C, unsigned types always promote to unsigned types. But in C++, unsigned types may promote to signed ones, if the value fits in the signed range.

Re:Confused (1)

Old Wolf (56093) | about a year ago | (#43672375)

In general, it's a good idea to used signed ints whenever possible.

Says who?

In C, signed ints have a whole lot of problems associated with representation and overflow. But unsigned ints have well-defined behaviour in every circumstance. They wrap around in case of overflow or an out-of-range assignment. You can safely test, set and reset individual bits.

With signed ints, you can raise a signal (triggering a signal handler, or aborting the program if there is no handler) if there is overflow or underflow. Using '^', '|' or '&' on signed values can trap due to creating an invalid representation (e.g. negative zero, or parity error).

Test: what is wrong with this code snippet (assuming the appropriate furniture)? Hint: it doesn't always print 0x82.
    char ch = 130; /* é in the traditional code page */
    printf("0x%x\n", (unsigned int)ch);

Re:Confused (1)

Hentes (2461350) | about a year ago | (#43670333)

The summary is wrong, they used an unsigned int and the overflow occured at 2^32.

Re:Confused (1)

Murdoch5 (1563847) | about a year ago | (#43670403)

Okay fair enough, however this would of still worked
if( gold_max 2^32 ){ /* DO STUFF */ } else { /* DO OTHER STUFF */ }. It really is a very simple check.

Re:Confused (0)

Anonymous Coward | about a year ago | (#43670575)

Except it won't work if gold_max is a 32-bit unsigned int. If it is, gold_max will always be less than 2^32, and your code optimizes to /* DO STUFF */. Which, while very simple, is not a check.

Re:Confused (5, Insightful)

c++0xFF (1758032) | about a year ago | (#43670611)

Integer underflow. Imagine a situation where a player has 100 gold and a bug in the code subtracts 101 gold for whatever reason. If you use a 32-bit unsigned integer, that player now has 4,294,967,295 gold. A 64-bit unsigned is even worse, of course.

A simple if statement would catch this as well, right? But think of how often you do addition and subtraction (and everything else) throughout your code! Do you put an if around each one? Can you handle the error situation in each case? How do you ensure that you found every addition and subtraction, including future changes?

A better solution is to make a Money class with well-defined operations, and throw an exception if you try to exceed the boundaries. Sounds easy ... but it has to be flexible enough to handle all situations (the class has to be used for all intermediate values -- it's no good to resort to an int, where problems might come back) while still being robust. ("I know, I'll use a class!" ... now you have two problems. "I know, I'll use exceptions!" ... now you have three.)

This is not an easy problem to solve for non-trivial software, which is why bugs like this come up periodically.

Re:Confused (1)

Murdoch5 (1563847) | about a year ago | (#43671321)

Fair enough! I didn't really consider the under flow case.

Luls. (3, Informative)

neminem (561346) | about a year ago | (#43670283)

Basically this exact thing happened to Kingdom of Loathing... like 9 years ago... at a time when that game was basically still in beta, and was basically the work of two people, neither of whom would actually have called themselves "programmers" at the time... as opposed to the work of a giant team of professionals releasing a triple-A title... that is mega hilarious.

(Black Sunday: August 8th, 2004, someone discovers that using a particular item, "meat vortex", which under normal circumstances subtracts a handful of the game's currency from your inventory, if you had 0 meat would instead wrap around and give you max meat minus a few, because the game was storing meat in an unsigned int. Fun times!)

Re:Luls. (1)

Rhys (96510) | about a year ago | (#43671349)

Those who froget the past are doomed to repeat it: Asheron's call had a similar issue back in 99-2000 era.

Macintosh Pirates, circa 1989 (3, Funny)

BenJeremy (181303) | about a year ago | (#43670523)

I discovered a bug with the gold in Pirates! while watching somebody play on my roommate's Mac (we were stationed in Okinawa on Camp Kinser)... he went into port with damage, and while he did not have enough money, it offered to repair his damaged ships for more money than he had.

Needless to say, the underflow was done to a UINT16 used to track gold (in 10-gold increments), so you'd end up with around 655350 gold after the transaction. That kept your crews happy, and let you buy lots of things.

I also enjoyed the mental image of 1200 pirates hanging off a sloop after I sold off my fleet.

We put in ungodly hours into that game.

Diablo III is NOT an MMO (1)

Anonymous Coward | about a year ago | (#43670571)

Diablo III is not an MMO. You are capped at what, 4 people in a game at once? A massively multiplayer online game allows a lot more than that.

Fiat Simulated Money! (1)

Anonymous Coward | about a year ago | (#43670777)

If they had used actual bitcoins instead of simulated fiat gold, their simulated economy wouldn't be having simulated inflation.

The interesting thing about this.... (3, Insightful)

The_Revelation (688580) | about a year ago | (#43670955)

... is that Blizzard have often touted the very reason the game carries an always connected requirement is so that they can ensure the economy works correctly and to limit exploits through 3rd party applications. It seems rather clear, however, that the 1st party application is the only one you need to exploit the system. And, as usual, the question must be asked "does this make the game more fun?".

As I see it, this has been Blizzard's only metric for success with Diablo 3, not profitability, as we will see later. They claimed that by breaking the existing mould, they were providing a 'more fun' experience. So, the question then becomes, does the AH or RMAH make the game more fun? Interestingly, Blizzard don't appear to be packaging these components with the Playstation 3 edition. Is that because it turns out all of the changes to Diablo 3 were 'not fun', or is it because Playstation 3 users don't deserve 'as much fun', or is playing with a controller rather than a mouse and keyboard 'so much more fun' that their combination with the AH/RMAH turned into a 'fun overload' that had to be dialled back in order not to blow our puny little minds?

It also asks another important question about the business model. Is always-on net requirements 'more fun', particularly when they don't add anything to play beyond what a direct/lan connection might provide. When you try to enumerate the pros/cons, you see something like:
Pros: Everyone uses the latest version all the time if they want to play
Everyone playing has to have a working key

Cons: Internet Connection must be working to play
Need a server farm in every retail country so that paying customers can play (well, they don't even now, and charge people in those countries more money per copy so that they can have a game that they don't have local server access play)
Servers have to be working in order to play
User account has to be working in order to play
If we rolled out a dodgy patch, everyone will be broken at once
We have to know the product life-cycle prior to release in order to cost all of our servers' TCO correctly.
We have to keep talking to everyone to make sure the game is working to their expectations and forever hear about shortcomings

Economically, I don't understand how game companies are able to turn a profit on a title with those kinds of restrictions and ongoing costs. As a small example, lets say one of your servers can host 200 users at a time, but the server cost $20k, thats $100 per concurrent user before you turn the thing on. Maybe it can host 2000 users at a time, sure but thats still $10 per concurrent user before you turn it on or pay any support personnel, or for space on the floor. Surely, over the life of your product, you would be operating a negative margin without some sort of subscription service. I have read other places that, while you can't place a cost on piracy, you can place a cost and a metric on product returns. Diablo 3 is one of the few games I've ever returned, it was unusable for the first week, and is still, in most parts of the world (outside the US/EU/ASIA) mostly unplayable. Despite that, the parts of the game that were modified to provide 'more fun' actually provided, for me, a fan of the Diablo franchise, 'a lot less fun'.

So, to say that another way, by insisting on Always-Connected, Blizzard not only have to pay a bunch of additional ongoing expenses to run (apparently) necessary infrastructure, its also alienating their core user-base which must be very costly to their bottom line. I don't understand how this course of action renders any kind of net commercial advantage.

Re:The interesting thing about this.... (2)

GigaplexNZ (1233886) | about a year ago | (#43671435)

Economically, I don't understand how game companies are able to turn a profit on a title with those kinds of restrictions and ongoing costs. As a small example, lets say one of your servers can host 200 users at a time, but the server cost $20k, thats $100 per concurrent user before you turn the thing on. Maybe it can host 2000 users at a time, sure but thats still $10 per concurrent user before you turn it on or pay any support personnel, or for space on the floor. Surely, over the life of your product, you would be operating a negative margin without some sort of subscription service.

They do it by selling hundreds of millions of copies worldwide and assume that not every user will log in simultaneously 24/7, and that some users will abandon the game shortly after purchase. Oversubscription leads to higher profit margins at the cost of release day meltdowns.

Back in my day... (1)

Anonymous Coward | about a year ago | (#43671037)

We duped our gold the way God intended: by pulling an item out of our belt as we picked it up.

Kids these days....

Re:Back in my day... (1)

Culture20 (968837) | about a year ago | (#43671915)

Yeah, well; nothing beats "examine butterfly; sell butterfly".
It works because the examine butterfly implicitly takes the butterfly out of the goblet for the rest of the command string (so that the examine functions), but you can sell it in the same command string. The butterfly's value doubles every time it escapes from the display case, but you have to avoid the overflow because they used a signed int for zorkmids.

And nothing of value was lost (4, Insightful)

Eightbitgnosis (1571875) | about a year ago | (#43671069)

Diablo 3 was a bad game that had a garbage economy before this event, and it's still a bad game that has a garbage economy after

Re:And nothing of value was lost (1, Insightful)

Anonymous Coward | about a year ago | (#43671319)

You couldn't handle Inferno huh?

i didn't know goldman sachs did programming. (0, Troll)

NemoinSpace (1118137) | about a year ago | (#43671099)

you should check your H1-B's more carefully.

Another precedent (1)

slashmydots (2189826) | about a year ago | (#43671361)

In the very old game, Mordor, you could create a dummy character and trade negative 1 million gold to the. They get negative, you get positive. Then you delete them. This is just barely one step past that (and at least 15 years past that, lol)

Diablo 3 hack? (1)

argStyopa (232550) | about a year ago | (#43671431)

I'm not sure how this is a big deal?

After all, pretty soon the only other person still playing is going to know what's going on.

Wish my bank would use integers for math (1)

mendax (114116) | about a year ago | (#43672105)

It would be nice if my bank's software had this kind of bug. It would be like winning the lottery... until they learned what happened and wanted their money back! But on a more serious note banks aren't supposed to have these problems because they don't use integers for storing monetary amounts, they use BCD or something along those lines. One of the few nice things that can be said about COBOL is that it natively permits this. No need for a Java BigInteger or BigDecimal class. Furthermore, the IBM mainframes that most COBOL programs run on can do these calculations in hardware (or so I understand).

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?