Code:
// Excerpt: looks up the phrase for a clicked saylink and copies it into `response`.
// NOTE(review): `response` is declared without an initializer and nothing in this
// excerpt assigns it a buffer, so its value is indeterminate when strcpy() runs below.
char* response;
// The saylink id is the item id minus the 500000 offset.
int sayid = ivrs->item_id - 500000;
// `sayid > 0` already implies `sayid` is non-zero, so the first operand is redundant.
if (sayid && sayid > 0)
{
const char *ERR_MYSQLERROR = "Error in saylink phrase queries after clicking the link";
char errbuf[MYSQL_ERRMSG_SIZE];
char *query = 0;
MYSQL_RES *result;
MYSQL_ROW row;
// sayid is an int formatted with %i, so only digits (and a sign) reach the SQL text.
// NOTE(review): presumably MakeAnyLenString allocates `query` — no release of it is
// visible in this excerpt; confirm who frees it.
if(database.RunQuery(query,MakeAnyLenString(&query,"SELECT `phrase` FROM saylink WHERE `id` = '%i'", sayid),errbuf,&result))
{
// Only a single matching row is accepted.
if (mysql_num_rows(result) == 1)
{
row = mysql_fetch_row(result);
// NOTE(review): unbounded copy of database-controlled text through an uninitialized
// pointer — undefined behaviour (crash or memory corruption). The destination needs
// to be a buffer of known size and the copy limited to that size.
// NOTE(review): row[0] is a null pointer when the column value is SQL NULL; confirm
// `phrase` is NOT NULL or check before copying.
strcpy(response, row[0]);
}
// NOTE(review): no mysql_free_result(result) is visible before the excerpt ends — confirm.
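This is at best a crash and at worst something far more dangerous. You can't simply strcpy to memory that does not exist. While there's a chance, because you don't initialize response, that the memory does exist, you're going to be overwriting random data and it's going to do *bad* things to your server. response has to point at a buffer you actually own, and the copy has to be limited to that buffer's size, because the length of the phrase is whatever happens to be in the database.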
Also, it better not be crashing the zone just because of something as trivial as not having a target; there should be sanity checks in place to counter that.