alliedmodders / sourcemod

SourceMod - Source Engine Scripting and Administration
http://www.sourcemod.net/

SetClientViewEntity Crashes the Server #1904

Closed SupremeSpookmaster closed 1 year ago

SupremeSpookmaster commented 1 year ago

Description

I've been a hobbyist SourceMod developer for a few years now working on Freak Fortress 2, and recently I developed a plugin which will eventually allow boss creators to create custom intro cutscenes for their bosses (right now it uses boiler-plate code since I only have it on one boss). This plugin relies entirely on SetClientViewEntity to work, and up until the TF2 update which introduced VScripts, it worked flawlessly. Now, however, it simply crashes the server instantly. After much trial and error, I have managed to deduce that the crash is caused by SetClientViewEntity, as commenting out the line(s) which use SetClientViewEntity stops the crashes, at the cost of rendering my cutscene plugin useless.

Problematic Code (or Steps to Reproduce)

  SetClientViewEntity(client, entity);

Logs

errors_20230109.log L20230109.log Here's the crash dump on Throttle.

nosoop commented 1 year ago

Appears to be crashing at CStudioHdr::SequencesAvailable with a bad thisptr. It doesn't look like the engine interface changed though; the correct virtual offset is being called. I'd guess it's a behavior change within TF2.

Do you have a minimal standalone plugin to reproduce this server crash (for example, one that registers a command callback through which the crash can be triggered via SetViewEntity)?

SupremeSpookmaster commented 1 year ago

Appears to be crashing at CStudioHdr::SequencesAvailable with a bad thisptr. It doesn't look like the engine interface changed though; the correct virtual offset is being called. I'd guess it's a behavior change within TF2.

Do you have a minimal standalone plugin to reproduce this server crash (for example, one that registers a command callback that triggers the crash using SetViewEntity)?

Hi nosoop, thank you for the response. I've added a short command to my testing commands plugin that should mimic the cutscene plugin, just type sm_cutscene (player) (animation) (attachment) (duration). So for example, if I wanted to force a "cutscene" on myself using the Kazotsky Kick, with the camera attached to my left hand, and have the cutscene last for 5 seconds, I would do sm_cutscene Spookmaster taunt_russian effect_hand_L 5.0. I hope this fits what you were asking for:

Test Plugin.zip

Something else I thought I should mention: while writing and testing this command, I found that it isn't specifically SetClientViewEntity causing the crashes. Instead, it appears to happen when the view entity is parented to a prop_dynamic_override. I have no idea why it does this. Again, thank you for your help.

nosoop commented 1 year ago

After paring down the plugin to something that can actually be compiled, I'm unable to reproduce the issue by myself.

That said, I did notice you were using third-party tf2.pets gamedata; since that was missing from your archive, I opted to use the GetEntityAttachment and LookupEntityAttachment natives introduced in 1.11. Attached is the more reduced case.

test_set_client_view_entity.zip

Since third-party gamedata is part of your reproduction case, it's currently hard to say whether the issue you're experiencing is something that can be observed in plain SourceMod.

I initially tested the plugin on a Linux server, but after testing on Windows, I still do not observe any crashes.

SupremeSpookmaster commented 1 year ago

Sorry about the slow response, I've been meaning to get back to this but I kept getting distracted.

After running your version of the plugin, I was able to 100% confirm it doesn't actually have anything to do with SourceMod, as your version works flawlessly. I didn't even need to update my server's gamedata, which rules out the possibility of it being a gamedata issue (though I could be wrong, I haven't experimented with gamedata so I'm foggy on it).

It's likely a logical error somewhere in my version of the cutscene plugin; sorry to waste your time with this.

nosoop commented 1 year ago

GetModelPtr might also be bad since the offset is hardcoded to look at 283 * 4 into CBaseEntity. A few class properties were added during the VScript update, which would've shifted those offsets (and would not have worked across platforms).

That would definitely explain the bad thisptr being passed to CStudioHdr::SequencesAvailable.
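As an added illustration of the failure mode nosoop describes (this is example code, not from the thread, the tf2.pets package or SourceMod itself): a plugin that reads an engine pointer through a hardcoded offset keeps "working" until a game update shifts the class layout, after which it hands garbage to the engine. The hardened form loads the offset from gamedata and refuses to load when it is missing. The gamedata file name and the offset key are hypothetical placeholders.

```sourcepawn
#include <sourcemod>
#include <sdktools>

#pragma newdecls required

// Hypothetical gamedata file and key used for this example; a real plugin ships its own.
#define GAMEDATA_FILE "example_modelptr"
#define OFFSET_KEY    "CBaseEntity::GetModelPtr"

int g_iModelPtrOffset = -1;

public void OnPluginStart()
{
    // Fragile form that silently breaks after an update (the pattern discussed above):
    //   g_iModelPtrOffset = 283 * 4;

    GameData gd = new GameData(GAMEDATA_FILE);
    if (gd == null)
        SetFailState("Missing gamedata/%s.txt", GAMEDATA_FILE);

    // Offsets in gamedata are per platform, so a Windows/Linux mismatch is caught here too
    g_iModelPtrOffset = gd.GetOffset(OFFSET_KEY);
    delete gd;

    // Fail closed: not loading is safer than passing a bad thisptr into the engine
    if (g_iModelPtrOffset == -1)
        SetFailState("Offset %s not found; gamedata needs updating for this game build", OFFSET_KEY);
}

// Returns the raw pointer stored at the configured offset, or Address_Null when it
// cannot be read safely. Callers must check for Address_Null before using it.
Address GetModelPtr(int entity)
{
    if (g_iModelPtrOffset == -1 || !IsValidEntity(entity))
        return Address_Null;

    Address ptr = view_as<Address>(GetEntData(entity, g_iModelPtrOffset, 4));
    if (ptr == Address_Null)
        LogError("GetModelPtr: null pointer on entity %d; offset %s is likely stale", entity, OFFSET_KEY);
    return ptr;
}
```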