Crash when swapping some references with leveled lists

[nbrochu]

I've been experimenting with swaps using leveled lists. It was working well initially but when I broadened the scope of the swaps, I started getting frequent crashes while playtesting. In fact, some references consistently crash. I've been trying to narrow down what about those references causes the crash before reporting it but no real luck so far.

This is with latest Base Object Swapper (2.5.1). Vanilla Skyrim AE 1.6+

Notes:

• Part of what I'm doing is replacing alchemy ingredients with different alchemy ingredients using a custom leveled list
• Sample references that always cause a crash when replaced with a leveled list (Loose ingredients at AnisesCabinExterior01):
  • 0xDE061 Snowberry
  • 0xDE076 Wheat
  • 0xDE05C Hagraven Feathers
  • 0xDE064 Red Mountain Flower
  • 0xDE05A Deathbell
  • 0xDE060 Purple Mountain Flower
• Both Ref <=> Form and Form <=> Form swaps work when swapping with an object that is not a leveled list
• Both Ref <=> Form and Form <=> Form swaps crash when swapping with a leveled list
• Other locations with a large amount of loose ingredients (e.g. Arcadia's Cauldron) swap just fine with a leveled list
• The only differences between a Deathbell reference that works (0xCEEE7 Arcadia's) and that doesn't work (0xDE05A Anise's):
  • Arcadia's is an interior cell; Anise's is a wilderness cell
  • Arcadia's has no encounter zone; Anise's has an ECZN of NoResetZone
  • Arcadia's has an XOWN of ServicesWhiterunArcadiasCauldtron; Anise has an XOWN of HagravenFaction
• My custom leveled lists do not appear to be at cause. Same crash happens with a vanilla list (LItemIngredientsCommon)

Crash Log Snippet (can provide the full log if needed):

PROBABLE CALL STACK:
    [ 0] 0x7FF66AB7A8BC              SkyrimSE.exe+02BA8BC -> 20205+0x1C movzx ecx, word ptr [rax+0x44]
    [ 1] 0x7FF9D2CE29EB po3_BaseObjectSwapper.dll+00329EB   movzx ebx, ax |  D:\a\BaseObjectSwapper\BaseObjectSwapper\src\Manager.cpp:345 ?GetSwapData@Manager@FormSwap@@QEAA?AU?$pair@PEAVTESBoundObject@RE@@V?$optional@VTransform@FormSwap@@@std@@@std@@PEBVTESObjectREFR@RE@@PEBVTESForm@6@@Z
    [ 2] 0x7FF9D2CB143A po3_BaseObjectSwapper.dll+000143A   mov rdx, [rsp+0x40] |  D:\a\BaseObjectSwapper\BaseObjectSwapper\src\Hooks.cpp:12 ?swap_base@detail@BaseObjectSwapper@@YAXPEAVTESObjectREFR@RE@@@Z
    [ 3] 0x7FF9D2CB273E po3_BaseObjectSwapper.dll+000273E   mov rcx, rbx |  D:\a\BaseObjectSwapper\BaseObjectSwapper\src\Hooks.h:16 ?thunk@?$InitItemImpl@VTESObjectREFR@RE@@@BaseObjectSwapper@@SAXPEAVTESObjectREFR@RE@@@Z
    [ 4] 0x7FF66AB4C5DD              SkyrimSE.exe+028C5DD -> 19283+0x9D mov r8, [r14+0x08]
    [ 5] 0x7FF66AB33899              SkyrimSE.exe+0273899 -> 18882+0x2A9    xor cl, cl
    [ 6] 0x7FF66AB335D3              SkyrimSE.exe+02735D3 -> 18881+0x43 nop
    [ 7] 0x7FF66AB86F63              SkyrimSE.exe+02C6F63 -> 20460+0x203    mov rdx, rdi
    [ 8] 0x7FF66AA26EA8              SkyrimSE.exe+0166EA8 -> 13427+0x48 mov rsi, rax
    [ 9] 0x7FF66AA275CA              SkyrimSE.exe+01675CA -> 13430+0x10A    mov [rsp+0x20], r14b
    [10] 0x7FF66AA272BA              SkyrimSE.exe+01672BA -> 13428+0x24A    mov rcx, [rdi+0x88]
    [11] 0x7FF66AA1D5E7              SkyrimSE.exe+015D5E7 -> 13288+0xE17    mov rcx, [rbx+0x140]
    [12] 0x7FF66AA1F76F              SkyrimSE.exe+015F76F -> 13317+0x3BF    mov rcx, [rdi+0x140]
    [13] 0x7FF66AFB2323              SkyrimSE.exe+06F2323 -> 40744+0x173    cmp byte ptr [rbp+0x50], 0x00
    [14] 0x7FF66AFB2D08              SkyrimSE.exe+06F2D08 -> 40745+0x398    mov rbx, [rsp+0xB0]
    [15] 0x7FF66AF9814C              SkyrimSE.exe+06D814C -> 40445+0x5FC    mov rcx, r14
    [16] 0x7FF66AF96BBE              SkyrimSE.exe+06D6BBE -> 40438+0x5DE    mov r15b, 0x01
    [17] 0x7FF66AEAC2B3              SkyrimSE.exe+05EC2B3 -> 36564+0x73 call 0x00007FF66AEB0090
    [18] 0x7FF66AEA4DD5              SkyrimSE.exe+05E4DD5 -> 36544+0x165    test bl, bl
    [19] 0x7FF66BD34C1E              SkyrimSE.exe+1474C1E -> 109636+0x106   mov ebx, eax
    [20] 0x7FFA189926BD              KERNEL32.DLL+00126BD
    [21] 0x7FFA1916DFB8                 ntdll.dll+005DFB8

REGISTERS:
    RAX 0xF90B1            (size_t) [1020081]
    RCX 0x22BA80B7F28      (void*)
    RDX 0x10               (size_t) [16]
    RBX 0x0                (size_t) [0]
    RSP 0xBA325CE9E0       (void*)
    RBP 0xBA325CEB10       (void*)
    RSI 0x7FF9D2DB6F08     (void* -> po3_BaseObjectSwapper.dll+0106F08  add al, [rax] |  ?singleton@?1??GetSingleton@Manager@FormSwap@@SAPEAV23@XZ@4V23@A_106F08)
    RDI 0x22BA5ED1340      (TESLevItem*)
        File: "Randomizer - Main.esp"
        Flags: 0x00000008 kInitialized
        FormID: 0x1113C9AE
        FormType: LeveledItem (53)
    R8  0xA0               (size_t) [160]
    R9  0xA0               (size_t) [160]
    R10 0x7FFA00990000     (void*)
    R11 0x7FFA00991B55     (void* -> VCRUNTIME140.dll+0001B55   )
    R12 0x22BA19CFB80      (IngredientItem*)
        File: "Skyrim.esm"
        Flags: 0x00000009 kDestructible | kInitialized
        Name: "Purple Mountain Flower"
        FormID: 0x00077E1E
        FormType: Ingredient (30)
        GetFullName: "Purple Mountain Flower"
    R13 0x7FF9D2DB6DC0     (void* -> po3_BaseObjectSwapper.dll+0106DC0  add [rax], al |  ?singleton@?1??GetSingleton@Manager@FormSwap@@SAPEAV23@XZ@4V23@A_106DC0)
    R14 0xBA325CEC60       (void*)
    R15 0x7FF9D2DB6DC0     (void* -> po3_BaseObjectSwapper.dll+0106DC0  add [rax], al |  ?singleton@?1??GetSingleton@Manager@FormSwap@@SAPEAV23@XZ@4V23@A_106DC0)

[powerof3]

It appears to be encounter zone related, the game crashes when looking up zone level (while generating items from leveled list). It's possible this is uninitialized when I swap forms - I'll see if this can be fixed.

[nbrochu]

Confirmed. If I clear the encounter zone on those references it works as expected.

In theory, I suppose it should be fixed for a correct implementation since encounter zone levels appear to factor in leveled list calculations (I didn't know that!) and it's possible for references to have encounter zones.

In practice though, I think I'm just going to patch out encounter zone data from at-risk references. There's probably less than 200 in the whole game and it seems to mostly be used as a hacky way to attempt to control respawning behavior. Nothing that important.

All this to say it feels like an edge case that doesn't deserve too much focus and attention. Thanks for the reply.