xezon / GenToolBugs


Memory corruption on loading into Network match #3

Open xezon opened 3 years ago

xezon commented 3 years ago

Application Verifier is enabled with "Basics" enabled. Crash on loading into Network match with TestAllFactions map.

TestAllFactions.zip

ZH CD version game.dat

```
>   game.dat!00830a89()
    [Frames below may be incorrect and/or missing, no symbols loaded for game.dat]
    game.dat!008302fc()
    game.dat!0082f7dd()
    game.dat!0081ad88()
    game.dat!0081ac1c()
    game.dat!00815aaa()
    game.dat!00932aa9()
    game.dat!00763e0b()
    game.dat!008095ae()
    game.dat!00740709()
    game.dat!007ce807()
    game.dat!007ce68d()
    game.dat!004fab69()
    game.dat!004fabc1()
    game.dat!004fabc1()
    game.dat!004fabc1()
    game.dat!004fac43()
    game.dat!007a964d()
    game.dat!0073e78d()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!00650052()
    game.dat!00650052()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!005c0032()
    game.dat!005c0032()
    game.dat!006e0069()
    game.dat!006e0069()
```

```
EAX = 00000000 EBX = 00002248 ECX = 0E194388 EDX = 00966EE4 ESI = 0E194388 EDI = 00000000 EIP = 00830A89 ESP = 0019F828 EBP = 1A6217D8 EFL = 00210212
00830A80  sub         esp,8
00830A83  push        esi
00830A84  mov         esi,ecx
00830A86  mov         eax,dword ptr [esi+14h]
00830A89  mov         ecx,dword ptr [eax]      <----- crashes here: eax is 0
00830A8B  push        edi
00830A8C  push        eax
00830A8D  call        dword ptr [ecx+34h]
00830A90  xor         edi,edi
00830A92  test        eax,eax
00830A94  mov         dword ptr [esi+24h],eax
00830A97  jbe         00830AD6
00830A99  push        ebx
00830A9A  lea         ebx,[esi+68h]
00830A9D  mov         eax,dword ptr [esi+14h]
00830AA0  mov         edx,dword ptr [eax]
...
```

Follow-up hit after the exception above:

```
=======================================
VERIFIER STOP 00000013: pid 0x27A4: First chance access violation for current stack trace.

    00000000 : Invalid address causing the exception.
    00830A89 : Code address executing the invalid access.
    0019F334 : Exception record.
    0019F384 : Context record.

=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.

=======================================
```
xezon commented 3 years ago

Same but slightly different callstack when loading Skirmish with the map below, then quitting to the Score screen, then hitting the Quit button in the Score screen.

6p cb zh, moqqy balanced 3 plus.zip

```
>   game.dat!00830a89()
    [Frames below may be incorrect and/or missing, no symbols loaded for game.dat]
    game.dat!008302fc()
    game.dat!0082f7dd()
    game.dat!0081ad88()
    game.dat!0081ac1c()
    game.dat!00815aaa()
    game.dat!00932aa9()
    game.dat!00763e0b()
    game.dat!008095ae()
    game.dat!00740709()
    game.dat!004fac43()
    game.dat!007a964d()
    game.dat!0073e78d()
    game.dat!00413c9d()
    game.dat!004f9b41()
    game.dat!004ad2e0()
    game.dat!0040fcf4()
    game.dat!00741c89()
    game.dat!0040fdaa()
    game.dat!00413866()
    game.dat!00401c46()
    verifier.dll!_AVrfpDphPostProcessing@4()  + 0x1a bytes
    verifier.dll!_AVrfpDphPlaceOnDelayFree@8()  + 0x258 bytes
    0019fbb8()
    ntdll.dll!773bfe30()
    ntdll.dll!7737636b()
    ntdll.dll!7732288a()
    vfbasics.dll!_AVrfpSRWLockFreeMemoryChecks@16()  + 0xab bytes
    verifier.dll!_AVrfpDphFindBusyMemoryNoCheck@8()  + 0x4f bytes
    6172656e()
    ntdll.dll!773c05c8()
    vfbasics.dll!_AVrfpFreeForOwnersTree@8()  + 0x3a bytes
    ntdll.dll!7737e4ac()
    msvcrt.dll!754170f2()
    msvcrt.dll!75436f95()
    msvcrt.dll!754364f1()
    msvcrt.dll!75426e3d()
    msvcrt.dll!75426e23()
    game.dat!008e0c57()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!00650052()
    game.dat!00650052()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!006e0069()
    game.dat!005c0032()
    game.dat!005c0032()
    game.dat!006e0069()
    game.dat!006e0069()
```
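Added here as a triage aid for the two symbol-less stacks in this issue; it is not code from the report or from GenTool. The heuristic it applies is an assumption, not something the report states: a frame whose four address bytes read as printable text, such as the repeated `006e0069` (UTF-16LE "in") and `00650052` ("Re"), or a frame that no module claims, such as `6172656e`, is most likely string data the stack walker picked up rather than a real return address, so only the frames above the first such entry are worth reading as code.

```python
import re
import struct

# Constructed excerpt of the call stacks quoted above (four code frames, three suspect ones).
SAMPLE_TRACE = """\
>   game.dat!00830a89()
    game.dat!0073e78d()
    game.dat!006e0069()
    game.dat!00650052()
    verifier.dll!_AVrfpDphPostProcessing@4()  + 0x1a bytes
    6172656e()
    ntdll.dll!773bfe30()
"""

FRAME_RE = re.compile(r"^>?\s*(?:(?P<module>[\w.]+)!)?(?P<sym>[^\s(]+)\(\)")
HEX32_RE = re.compile(r"^[0-9a-fA-F]{8}$")

def decode_as_text(addr: int):
    # The 4 bytes the address occupies in memory, as printable UTF-16LE or ASCII, else None.
    raw = struct.pack("<I", addr)
    try:
        wide = raw.decode("utf-16-le")
        if all(32 <= ord(c) < 127 for c in wide):
            return wide
    except UnicodeDecodeError:
        pass
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else None

def classify_frame(module, sym):
    # 'symbol': named export; 'no-module': address outside every loaded module;
    # 'text-like': address reads as text (stack string data, not a return address); else 'code'.
    if not HEX32_RE.match(sym):
        return "symbol", None
    text = decode_as_text(int(sym, 16))
    if module is None:
        return "no-module", text
    return ("text-like" if text is not None else "code"), text

def classify_frames(trace: str):
    frames = []
    for line in trace.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            kind, text = classify_frame(m.group("module"), m.group("sym"))
            frames.append({"module": m.group("module"), "symbol": m.group("sym"),
                           "kind": kind, "text": text})
    return frames

def suspect_frames(trace: str):
    return [f for f in classify_frames(trace) if f["kind"] in ("no-module", "text-like")]
```

Run `suspect_frames` over a pasted stack to list the entries to distrust; the first suspect frame marks where the walk left real code.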
xezon commented 3 years ago

Possibly related to #5