Sunday, April 22, 2012
Discovering Old Bugs
In my efforts to parse through the disassembled Legend of the Red Dragon code, I found a quirk which bugged me enough to really look into.
The problem is that when creating a new character, if you put spaces after your name, it tells you your name isn't long enough. Why is that? I thought I had identified what the functions that interacted with the input string were doing: one stripped leading spaces, one stripped trailing spaces, and the other stripped out bad color codes and foul language. It made no sense to me.
So I took a more active approach. I tried cracking the EXE, individually removing calls to the above-mentioned functions that would have modified the name you typed. I wanted to see which one would make the "try a longer name" message stop happening. It turned out that the function call to strip trailing spaces was in fact misbehaving. But again, why? I looked through it many times and it seemed okay. Was it some slight difference in a flag being set on a modern CPU, maybe? I've heard of an instance between the 8086 and the 286, but nothing really beyond that. Was the Turbo Pascal function to delete a character from a string somehow at fault, in need of some kind of modern patch? Both seemed unlikely, but I was at a loss otherwise. And I wanted/needed to know.
The only way to know what was really happening was to see it in action. So I used a version of DOSBox with the built-in debugger, tracked down the function in the game to strip trailing spaces, and stepped through it line by line. That's when I realized that it was nothing as complicated as I might have thought. Seth Able had just programmed it wrong the whole time!
The function loops through the string starting at the last character: it checks whether that character is a space, deletes the last character of the string if so, then checks whether the string is empty before starting the loop over. The bug is that the variable holding the string position to check is never updated for the next pass. Instead of actually stepping backwards through the string, it checks the exact same memory location each time through the loop. So if the last character of the initial string was a space, it sees a space every time through the loop, regardless of what the last character of the shortened string actually is, and it keeps shortening the string until it is 0 characters long. He should have either been decrementing the position variable at the end of the loop, or re-reading the string length at the beginning of each pass.
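To make the failure concrete, here is an added reconstruction of the loop in C (not code from the post or from LORD itself), modelling a Turbo Pascal short string as a length byte followed by the characters, with the stale-index version beside the corrected one. The function names and the sample name "Bob   " are my own.

```c
#include <string.h>

/* Turbo Pascal short string: byte 0 holds the length, bytes 1..255 the text.
 * Deleting the last character only decrements the length byte; the old
 * character is left in memory, which is what lets the stale index keep
 * seeing a space. */
typedef unsigned char PString[256];

static void pstr_from_c(PString dst, const char *src)
{
    size_t n = strlen(src);
    if (n > 255) n = 255;
    dst[0] = (unsigned char)n;
    memcpy(dst + 1, src, n);
}

/* Delete(s, Length(s), 1): drop the final character by shrinking the length. */
static void pstr_delete_last(PString s)
{
    if (s[0] > 0) s[0]--;
}

/* Reconstruction of the loop as the post describes it: pos is taken from the
 * initial length and never updated, so every pass re-reads the same byte. */
static int strip_trailing_buggy(PString s)
{
    unsigned char pos = s[0];
    if (pos == 0) return 0;
    while (s[pos] == ' ') {
        pstr_delete_last(s);
        if (s[0] == 0) break;           /* the "is it empty yet?" check */
    }
    return s[0];
}

/* Corrected loop: re-read the length each pass so the index follows the
 * shrinking string. */
static int strip_trailing_fixed(PString s)
{
    while (s[0] > 0 && s[s[0]] == ' ')
        pstr_delete_last(s);
    return s[0];
}

/* Convenience wrappers: length left after each version runs on a C string. */
int buggy_length_of(const char *name) { PString s; pstr_from_c(s, name); return strip_trailing_buggy(s); }
int fixed_length_of(const char *name) { PString s; pstr_from_c(s, name); return strip_trailing_fixed(s); }
```

With a name ending in a space the buggy loop drains the string to length 0, while a name with no trailing space passes through both versions untouched, which is why only names with spaces on the end trigger the "too short" check.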
The function is used in a few other places in the game, too, so they would have the same problem.
So, that's why when you type a name with spaces on the end, it thinks your name is too short. Because technically, it is!
P.S. This exists in both LORD 3.55 and 4.00a. I don't know how many other versions have it, but those are the last ones from Seth himself. I checked 4.07 from Michael Preslar, and the bug has since been corrected.