Skip to content

[GEN][ZH] Fix uninitialized memory read in DockUpdate::loadDockPositions #731

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 27, 2025
Merged

[GEN][ZH] Fix uninitialized memory read in DockUpdate::loadDockPositions #731

merged 1 commit into from
Apr 27, 2025
+6 −2

Conversation

Mauller
Copy link

@Mauller Mauller commented Apr 20, 2025
edited
Loading

This fix was originally discovered by @helmutbuhler and split out of the original PR it was contained in.

This fix initiallises an array that is used immediately but not all of the bins are updated with data.
This can result in random contents being included instead of being zeroed.

@Mauller Mauller self-assigned this Apr 20, 2025
@Mauller Mauller added Minor Severity: Minor < Major < Critical < Blocker Generals Related Generals only ZeroHour Relates to Zero Hour GameMismatchWith104Maybe Maybe affects game state towards original 1.04 Stability Concerns stability of the runtime Memory Is memory related Bug Something is not working right labels Apr 20, 2025
feliwir
feliwir previously requested changes Apr 21, 2025
View reviewed changes
Copy link

@feliwir feliwir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add helmutbuhler as Co-Author when he participated? See https://docs.github.com/en/pull-requests/committing-changes-to-your-project/creating-and-editing-commits/creating-a-commit-with-multiple-authors

@Mauller Mauller force-pushed the fix-dockupdate-bonepositons branch 2 times, most recently from 68f9887 to 001bf8f Compare April 21, 2025 18:31
@Mauller
Copy link
Author

Mauller commented Apr 21, 2025

Updated with requested changes, just needs rebasing once main is confirmed okay after the hashmap reversion and testing for Compat issues now.

@Mauller Mauller force-pushed the fix-dockupdate-bonepositons branch from 001bf8f to f0d3328 Compare April 23, 2025 06:35
@Mauller
Copy link
Author

Mauller commented Apr 23, 2025

Rebased with main and pushed so ready for testing.

@sorcerer86pt
Copy link

add a replay mismatch in vc6 version, but worse than that. launching any replay then pressing exit game, gives a immediate crash to desktop:

image

@helmutbuhler
Copy link

add a replay mismatch in vc6 version, but worse than that. launching any replay then pressing exit game, gives a immediate crash to desktop:

Can you give some more details? I just tested the build from CI and it works fine for me.

@sorcerer86pt
Copy link

sorcerer86pt commented Apr 23, 2025 via email

@helmutbuhler
Copy link

Does the binary from CI crash for you as well?
You'll find it here: https://github.com/TheSuperHackers/GeneralsGameCode/actions/runs/14611589339/artifacts/2991550194

I have a Ryzen too, but it doesn't crash for me.

@sorcerer86pt
Copy link

sorcerer86pt commented Apr 24, 2025 via email

@helmutbuhler
Copy link

Can you please download the binary from my link and try again?

@sorcerer86pt
Copy link

sorcerer86pt commented Apr 24, 2025 via email

@sorcerer86pt
Copy link

sorcerer86pt commented Apr 24, 2025
edited
Loading

it did crash again
used ff

@sorcerer86pt
Copy link

https://streamable.com/qrxjro

@sorcerer86pt
Copy link

how to reproduce, load a big replay and ff it. wait some time (20~30s should suffice). then exit game

@roossienb
Copy link

how to reproduce, load a big replay and ff it. wait some time (20~30s should suffice). then exit game

I get this error in the main branch as well, without this PR.

@helmutbuhler
Copy link

how to reproduce, load a big replay and ff it. wait some time (20~30s should suffice). then exit game

Thanks! I was just about to post as @roossienb that this bug already exists in main. It seems to be what's discussed here: #645

@helmutbuhler helmutbuhler mentioned this pull request Apr 25, 2025
Merged
1 task
@sorcerer86pt
Copy link

sorcerer86pt commented Apr 25, 2025 via email

@Mauller Mauller force-pushed the fix-dockupdate-bonepositons branch from f0d3328 to 6806a2c Compare April 26, 2025 07:09
@Mauller
Copy link
Author

Mauller commented Apr 26, 2025

Just rebased this on Main with the recent fixes that should resolve the crash on exit problems.

Might be worth a quick retest with replays but it should be good to go.

@Mauller Mauller requested a review from feliwir April 27, 2025 06:29
@Mauller Mauller force-pushed the fix-dockupdate-bonepositons branch 2 times, most recently from 4c40871 to 32f2d94 Compare April 27, 2025 06:36
@Mauller
Copy link
Author

Mauller commented Apr 27, 2025

Tweaked the comment and updated.

Fewer than the number of values within the array can be copied to it, but the whole array is considered at a later point so the remaining bins needs to be zeroed.

@helmutbuhler
Copy link

helmutbuhler commented Apr 27, 2025
edited
Loading

Tweaked the comment and updated.

Fewer than the number of values within the array can be copied to it, but the whole array is considered at a later point so the remaining bins needs to be zeroed.

Just watched your discussion about this. The point of my comment was to indicate that there are two variables involved, m_numberApproachPositionBones and m_numberApproachPositions, and that they are not used as originally intended. It's easy to confuse this when reading this code (as you two did yourself at first).

You can rephrase that if you want, but don't just delete it.

I also noted in the original PR about this:

Note about the second fix: You can check that it reads that uninitialized memory by setting all bits to one:
memset(approachBones, -1, sizeof(approachBones));
It will then mismatch on the golden replay 1. It seems we are lucky that that memory is all 0 on retail version.

I stumbled upon this while simulating the golden replay without client updates. In that case the stack memory is not all 0 and it mismatches.

Other than that, thank you for handling this!

@xezon xezon force-pushed the fix-dockupdate-bonepositons branch from 32f2d94 to 9288b19 Compare April 27, 2025 14:25
@xezon xezon changed the title [GEN][ZH] Fix uninitialized memory access in DockUpdate::loadDockPositions() [GEN][ZH] Fix uninitialized memory read in DockUpdate::loadDockPositions Apr 27, 2025
@xezon
Copy link

xezon commented Apr 27, 2025

I optimized the description for this change.

@xezon xezon force-pushed the fix-dockupdate-bonepositons branch from 9288b19 to 4c1e902 Compare April 27, 2025 14:45
@xezon
Copy link

xezon commented Apr 27, 2025
edited
Loading

Revisited code comment once more after revieweing helmut's last review comment.

@xezon xezon dismissed feliwir’s stale review April 27, 2025 14:47

Review was addressed

xezon
xezon approved these changes Apr 27, 2025
View reviewed changes
Copy link

@xezon xezon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@Mauller @helmutbuhler @xezon
[GEN][ZH] Fix uninitialized memory read in DockUpdate::loadDockPositi…
a6c5d8d 
…ons() (#731)

Co-authored-by: Helmut Buhler <buhler@8gadgetpack.net>
@xezon xezon force-pushed the fix-dockupdate-bonepositons branch from 4c1e902 to a6c5d8d Compare April 27, 2025 15:14
@xezon xezon removed the GameMismatchWith104Maybe Maybe affects game state towards original 1.04 label Apr 27, 2025
@xezon xezon merged commit 5005ed3 into TheSuperHackers:main Apr 27, 2025
18 checks passed
@xezon xezon deleted the fix-dockupdate-bonepositons branch April 27, 2025 15:38
@xezon xezon added this to the Stability fixes milestone Apr 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xezon xezon xezon approved these changes

@feliwir feliwir Awaiting requested review from feliwir

Assignees

@Mauller Mauller

Labels
Bug Something is not working right Generals Related Generals only Memory Is memory related Minor Severity: Minor < Major < Critical < Blocker Stability Concerns stability of the runtime ZeroHour Relates to Zero Hour
Projects
None yet
Milestone
Stability fixes
Development

Successfully merging this pull request may close these issues.
6 participants
@Mauller @sorcerer86pt @helmutbuhler @roossienb @xezon @feliwir