Fixed Internally "/follow %t" is broken now

Discussion in 'Resolved' started by Herf, Sep 23, 2023.

  1. Kaenneth [You require Gold access to view this title]


    common standard programming library string formatting;

    example: print("Hello %s, welcome to Freeport", PlayerName) would output "Hello Herf, welcome to Freeport"

    An example of the kinds of bugs this might cause (that was fixed long ago): in the game Counter-Strike, if you set your name to "(%d)" it would replace the %d with the value of the next memory location, so your name would be a random number displayed each time, "(7462273)" or "(0)" or "(27427864)". Mildly amusing. But if you set it to "(%s)" it would instead use that random number as a memory address of a string, and try to read that string, and crash the game with a memory access error.

    I've seen this type of invalid memory access in EverQuest while assisting a dev with crashes in the advanced loot window, where if you right-clicked an item in the window, and left the little menu up, the item randomed off or rotted out of the window... if you then tried to left-click access the item in the menu, it would try to access something that no longer existed, and crash the client. One of the complexities of a real-time game is you can't always be sure that what you are trying to act on still exists. Like if you are /follow'ing someone who just zoned out; if the server tries to resolve the %t for a target that still existed on your client, but is gone from the server, if it was coded very, very wrong, it might access an invalid address in the process and crash the zone.
  2. Herf Augur

    I do. Now.
  3. Herf Augur

    Thank you, I appreciate, understand, and agree with your example of how something like this could be misused.

    That said, there's such a use as scanf("%20s", buf)
    which is not on the write side but the read side and, if EQ were written in C, I would fully expect something analogous to this, with additional error checking. Hence my question about where it's defined in EQ: it is not. That was my question and you've answered it, thanks again.
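
The two failure modes described in the first reply (player-supplied text reaching a printf-style formatter, and a %t whose target no longer exists) can both be handled by a dedicated expander, shown here as an added example that is not part of the thread and is not EverQuest code. The function name `expand_target`, its return codes and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: expand "%t" in a chat command into the target's name.
 * Every other '%' sequence is copied as plain text, and the substituted name
 * is never rescanned, so a name such as "(%s)" stays inert data.
 * Returns 0 on success, -1 if "%t" is used with no target, -2 if out is too small. */
int expand_target(char *out, size_t outsz, const char *cmd, const char *target)
{
    size_t used = 0;
    if (out == NULL || outsz == 0 || cmd == NULL) return -2;
    for (const char *p = cmd; *p != '\0'; ) {
        const char *piece = p;   /* default: copy one literal character */
        size_t len = 1;
        if (p[0] == '%' && p[1] == 't') {
            /* The target may have zoned out: refuse instead of dereferencing. */
            if (target == NULL) { out[0] = '\0'; return -1; }
            piece = target;
            len = strlen(target);
            p += 2;
        } else {
            p += 1;
        }
        /* Bounded copy: always leave room for the terminating NUL. */
        if (len >= outsz - used) { out[0] = '\0'; return -2; }
        memcpy(out + used, piece, len);
        used += len;
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char buf[64];
    /* Constructed inputs: a name containing a conversion specifier, then no target. */
    if (expand_target(buf, sizeof buf, "/follow %t", "(%s)") == 0)
        printf("%s\n", buf);   /* fixed format string; buf is passed only as data */
    if (expand_target(buf, sizeof buf, "/follow %t", NULL) == -1)
        puts("no target: command rejected");
    return 0;
}
```

The result is only ever printed through a fixed "%s" format, never passed as the format argument itself, which is the mistake behind the "(%d)" and "(%s)" name behaviour described above.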