CUtlHashFast::FastInsert crash (debug builds)

[dy-dx]

Issue from Jul 17, 2013

SS_DeletePlayer
utllinkedlist.h (707) : Assertion Failed: IsInList(before
utlfixedmemory.h (214) : Assertion Failed: IsIdxValid(i)

>   sizzlingstats.dll!CUtlLinkedList<CUtlHashFast<playerAndExtra_s,CUtlHashFastNoHash>::HashFastData_t_<playerAndExtra_s>,int,1,int,CUtlFixedMemory<UtlLinkedListElem_t<CUtlHashFast<playerAndExtra_s,CUtlHashFastNoHash>::HashFastData_t_<playerAndExtra_s>,int> > >::LinkBefore(int before, int elem) Line 709    C++
    sizzlingstats.dll!CUtlHashFast<playerAndExtra_s,CUtlHashFastNoHash>::FastInsert(unsigned int uiKey, const playerAndExtra_s & data) Line 632 C++
    sizzlingstats.dll!CPlayerDataManager::RemovePlayer(engineContext_s & context, edict_t * pEdict) Line 125    C++
    sizzlingstats.dll!SizzlingStats::SS_DeletePlayer(edict_t * pEdict) Line 325 C++
    sizzlingstats.dll!CEmptyServerPlugin::ClientDisconnect(edict_t * pEdict) Line 569   C++

REPRO STEPS: create CUtlHashFast<> object call CUtlHashFast<>::RemoveAll() call CUtlHashFast<>::FastInsert()

HAPPENS ONLY ON DEBUG BUILDS

[dy-dx]

This happens because CUtlHashFast<>::RemoveAll() calls CUtlVector<>::RemoveAll() which sets the internal CUtlVector allocated memory to 0xDD to clear it after it destructs it. Then CUtlHashFast<>::FastInsert() calls CUtlFixedLinkedList<>::LinkBefore, which tries to compare the internal CUtlVector memory to 0 to see if it is valid or not, but the value of the memory will be 0xDD, which is seen as valid, then caught by an assert when it isn't actually valid.

[dy-dx]

CUtlVector coder used 0xDD to signify destructed memory for the vector class (platform.h Desctruct() method coder did this also) in debug builds. CUtlHashFast coder didn't take this into account when giving vector memory to the CUtlFixedLinkedList class which also doesn't take the 0xDD into account.