multitheftauto / mtasa-blue

Multi Theft Auto is a game engine that incorporates an extendable network play element into a proprietary commercial single-player game.
https://multitheftauto.com
GNU General Public License v3.0

setElementHealth in onClientPedDamage can cause crash #472

Open ArranTuna opened 6 years ago

ArranTuna commented 6 years ago

Describe the bug: setElementHealth inside onClientPedDamage can cause a crash.

To Reproduce

```lua
function handleDamage(attacker, weapon, bodypart, loss)
    setElementHealth(source, 1)
end
addEventHandler("onClientPedDamage", root, handleDamage)
```

Expected behavior: No crash.

MTA Client (please complete the following information): v1.5.5-release-13192

Additional context: client_1.5.5-release-13192.0.000_gtasa_00332b2a_5_QPrMb_0100007F_55F3_178_4564C_20180722_2146.dmp

From https://bugs.mtasa.com/view.php?id=8926

CrosRoad95 commented 1 year ago

It also happens for players. For peds the crash is caused in the "RpAnimBlendClumpGetFirstAssociation" function because the ped is recreated on damage - see CClientPed::ReCreateModel. Possible solutions:

  1. `v2 = *(_DWORD **)(&a1->object.type + *(_DWORD *)(0xFB18C562 - (loc_45BA91 + 1)));` - crash here (in RpAnimBlendClumpGetFirstAssociation); add an additional check for nullptr because from what I see
  2. fix recreateModel, probably something is missing, is being added after for example one frame
  3. simplest: make setElementHealth in damage not recreate the model, or make setElementHealth not work in ped damage (but I assume it can break something)

why do we recreate ped?

```lua
function handleDamage(attacker, weapon, bodypart, loss)
    setElementHealth(source, 1)
end
addEventHandler("onClientPedDamage", root, handleDamage)
addEventHandler("onClientPlayerDamage", root, handleDamage)
```

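
One way to keep the health reset out of the damage callback itself, written here as an added example for this thread (it is not code from the issue or from mtasa-blue): it assumes that deferring setElementHealth to a timer that fires after the damage event has finished avoids re-entering the ped recreate path during GTA's own damage processing, and that a destroyed element must be re-checked before it is touched. `MIN_HEALTH` and the `pending` table are constructed for the example; it does not change what GTA does with a hit that is lethal on its own.

```lua
-- Added example, not code from the mtasa-blue issue or project.
-- Assumption: running setElementHealth from a timer, after the current
-- onClientPedDamage / onClientPlayerDamage callback has returned, keeps the
-- model recreate (CClientPed::ReCreateModel) out of the damage handler.
local MIN_HEALTH = 1   -- constructed value: health the ped is held at
local pending = {}     -- elements that already have a deferred health set queued

local function applyDeferredHealth(ped)
    pending[ped] = nil
    -- the ped may have been destroyed or streamed out between the hit and the timer
    if not isElement(ped) then
        return
    end
    if getElementHealth(ped) < MIN_HEALTH then
        setElementHealth(ped, MIN_HEALTH)
    end
end

local function handleDamage(attacker, weapon, bodypart, loss)
    -- never modify the element from inside the event; queue the change instead,
    -- and queue it only once per element while a timer is still outstanding
    if pending[source] then
        return
    end
    pending[source] = true
    -- 50 ms is the smallest interval setTimer accepts; the callback runs once
    setTimer(applyDeferredHealth, 50, 1, source)
end

addEventHandler("onClientPedDamage", root, handleDamage)
addEventHandler("onClientPlayerDamage", root, handleDamage)
```

The `pending` guard matters for rapid-fire weapons: a minigun delivers many damage events before the first timer fires, and without it each hit would schedule another timer against the same element.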
TracerDS commented 1 year ago

Can't reproduce in 1.6. Probably fixed?

ArranTuna commented 1 year ago

Still crashed for me.

All I did was runcode that code, then shot a ped and it instantly crashed.

Version = 1.6-release-21890.0.000 Time = Mon Jul 24 16:40:59 2023 Module = C:\ProgramData\MTA San Andreas All\1.6\GTA San Andreas\gta_sa.exe Code = 0xC0000005 Offset = 0x00332B2A

EAX=00000000 EBX=00000000 ECX=00000034 EDX=047ED0DC ESI=118906F4 EDI=00000005 EBP=76937F70 ESP=0177FD5C EIP=00732B2A FLG=00210246 CS=0023 DS=002B SS=002B ES=002B FS=0053 GS=002B

TracerDS commented 1 year ago

I can't reproduce it on 21892 ;/

sirrjohn commented 6 months ago

Still crashing on 1.6! I can confirm. Same error. Also crashing on other events like onClientPlayerWeaponFire. I noticed if I kill peds slower it takes longer to crash, but if I use a minigun for example, when I hit the ped it crashes instantly.

I need this function and I'm trying to write code not using it, but nothing works... and with setElementHealth it works but always crashes....

TracerDS commented 3 months ago

Can be reproduced in server r22470 and client r22476.

FileEX commented 1 month ago

The crash can be fixed, but it won't fix the final problem. The crash will no longer occur, but the ped will die after the second hit, probably because for GTA it is already dead and the damage event is no longer triggered.

We should stop recreating the ped when we want to revive it, because it causes a lot of problems: the ped is literally being deleted and created again. Setting the right tasks really isn't enough to revive the ped?