AlliedModders (https://forums.alliedmods.net/index.php)
-   Scripting (https://forums.alliedmods.net/forumdisplay.php?f=107)
-   -   [ANY/CSGO] cutlrbtree overflow, memory access (https://forums.alliedmods.net/showthread.php?t=328421)

ekshon 11-08-2020 11:56

[ANY/CSGO] cutlrbtree overflow, memory access
 
Following this tweet https://twitter.com/ZooL_Smith/statu...23189960478720 (all credits to ZooL), we now know why the "CUtlRBTree overflow" crash happens. Every new unique string created (also every new entity) is added to a string pool which has a limit of 65536.

Please, don't ask "why do you even need this?". This string pool is bugged because it does not purge itself on a new round, which causes a server crash after 1-2 hours of playing on some game modes.

IS IT POSSIBLE to get access to these strings and kill only those which have lost their relevance?

There's a command which allows you to output all the strings - "dumpgamestringtable". If you search for it in the hl2 source code files, you can find the "CGameStringPool" class:
https://github.com/ValveSoftware/sou...stringpool.cpp

Can we get access to "m_Strings" of a NON-entity class through SourceMod, or maybe a memory hack?

UPD:
In csgo's source code: https://github.com/perilouswithadoll...stringpool.cpp
we have this function:
Quote:

void CStringPool::FreeAll()
{
    unsigned short i = m_Strings.FirstInorder();
    while ( i != m_Strings.InvalidIndex() )
    {
        free( (void *)m_Strings[i] );
        i = m_Strings.NextInorder(i);
    }
    m_Strings.RemoveAll();
}
This means it's possible to call it using "SDKCall", if you know the offset, am I right?

Ilusion9 11-10-2020 06:45

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Can this crash be related to https://crash.limetech.org/k6oh2z3avmqi ?
I have a deathrun server and this crash happens every 2 days, with nothing related to SourceMod.

Ilusion9 11-18-2020 14:43

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
PHP Code:

#include <sourcemod>
#include <sdktools>
#include <cstrike>
#pragma newdecls required

Handle g_FreeAll;

public void OnPluginStart()
{
    // Gamedata file with the CStringPool::FreeAll entry (offsets are not part of this post)
    Handle gamedata = LoadGameConfigFile("memorycrash.games");
    if (gamedata == null)
    {
        SetFailState("Could not load gamedata file memorycrash.games");
    }

    StartPrepSDKCall(SDKCall_Static);
    PrepSDKCall_SetFromConf(gamedata, SDKConf_Virtual, "CStringPool::FreeAll");
    PrepSDKCall_SetReturnInfo(SDKType_Bool, SDKPass_Plain);
    g_FreeAll = EndPrepSDKCall();

    delete gamedata;

    if (g_FreeAll == null)
    {
        SetFailState("Could not prepare the SDK call for CStringPool::FreeAll");
    }

    HookEvent("round_prestart", Event_RoundPreStart);
}

public void Event_RoundPreStart(Event event, const char[] name, bool dontBroadcast)
{
    // Empties the whole game string pool before the new round starts
    SDKCall(g_FreeAll);
}

You can do something like this if you know the offsets.

ESK0 11-18-2020 16:03

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Quote:

Originally Posted by Ilusion9 (Post 2725427)
PHP Code:

#include <sourcemod>
#include <sdktools>
#include <cstrike>
#pragma newdecls required

Handle g_FreeAll;

public void OnPluginStart()
{
    // Gamedata file with the CStringPool::FreeAll entry (offsets are not part of this post)
    Handle gamedata = LoadGameConfigFile("memorycrash.games");
    if (gamedata == null)
    {
        SetFailState("Could not load gamedata file memorycrash.games");
    }

    StartPrepSDKCall(SDKCall_Static);
    PrepSDKCall_SetFromConf(gamedata, SDKConf_Virtual, "CStringPool::FreeAll");
    PrepSDKCall_SetReturnInfo(SDKType_Bool, SDKPass_Plain);
    g_FreeAll = EndPrepSDKCall();

    delete gamedata;

    if (g_FreeAll == null)
    {
        SetFailState("Could not prepare the SDK call for CStringPool::FreeAll");
    }

    HookEvent("round_prestart", Event_RoundPreStart);
}

public void Event_RoundPreStart(Event event, const char[] name, bool dontBroadcast)
{
    // Empties the whole game string pool before the new round starts
    SDKCall(g_FreeAll);
}

You can do something like this if you know the offsets.

Code:

Linux: \x55\x89\xE5\x56\x53\x83\xEC\x10\x8B\x75\x08\x8D\x46\x04
Windows: \x55\x8B\xEC\x83\xEC\x0C\x8D\x45\x08 (not sure)


BHaType 11-18-2020 20:09

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
This calls 3 functions at once but you can find the signature and only call "CStringPool::FreeAll()"

Code

Gamedata


I didn't check because I don't have csgo

ekshon 12-05-2020 03:51

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Alright. Thank you guys for helping me with this investigation!
Here's a conclusion that might be helpful for anyone who's facing the same problem:

Calling "FreeAll()" in round runtime wasn't a good idea, because you're losing the map's logic. Every output stops working. Also, the server crashes when you mp_restartgame 1. Maybe you should call it in the pre-event of "round_restart"? I didn't try this. Forget about "FreeAll" then.

Call "void Remove( const char *pszValue )" instead. It allows you to remove a string by its name, but here's another problem:

Every time you create an entity in runtime with VSCRIPT attached to it, it creates a weird string with some unique ID and classname / targetname. Good thing you can get this unique ID and remove the string in "OnEntityDestroyed" very easily.
https://pbs.twimg.com/media/ECCw4PSXkAEaulG?format=png

Here's the code:

Code:

#include <sourcemod>
#include <sdktools>

Handle sdkcall;

public void OnPluginStart()
{
    StartPrepSDKCall(SDKCall_Static);
    // Signature is for Windows; target is void CStringPool::Remove( const char *pszValue )
    PrepSDKCall_SetSignature(SDKLibrary_Server, "\x55\x8B\xEC\x56\x8D\x45\x08\xB9", 8);
    PrepSDKCall_AddParameter(SDKType_String, SDKPass_Pointer);
    sdkcall = EndPrepSDKCall();
    if (sdkcall == null)
    {
        SetFailState("Signature for CStringPool::Remove not found");
    }
}

public void OnEntityDestroyed(int entity)
{
    char buffer[128];
    // The unique script id string that was interned for this entity
    GetEntPropString(entity, Prop_Data, "m_iszScriptId", buffer, sizeof(buffer));

    if (strlen(buffer) <= 0) return;

    // Remove that string from the pool now that its owner is gone
    SDKCall(sdkcall, buffer);
}

Credits to anarh1st47 for finding the signatures.

YOU CAN USE THIS METHOD TO REMOVE ANY UNWANTED STRING

Here's another solution, just 3 lines of code, that will remove only "m_iszScriptId" strings from stringpool.

Code:

public void OnEntityCreated(int entity, const char[] classname)
{
    // Lets the entity purge its fixed-up (script id) strings itself
    SetEntProp(entity, Prop_Data, "m_bForcePurgeFixedupStrings", true);
}

SOLVED
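Added example, not code from the thread or from the Source SDK: a small C++ model of a string pool with 16-bit indices (the `FreeAll()` listing above walks the tree with an `unsigned short`, which is where the 65536 limit comes from). `StringPoolModel`, `SimulateRounds` and the constructed map strings are hypothetical names for this illustration; the model only mirrors the two calls discussed in this thread, `Remove(const char *)` and `FreeAll()`. It shows why the per-entity script id strings exhaust the pool after enough rounds when nobody removes them, and why removing each id when its entity is destroyed keeps the pool bounded:

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <string>
#include <vector>

// Assumption for this model: the engine pool indexes its red-black tree nodes
// with an unsigned short, so it can never hold more than 65536 strings.
constexpr std::size_t kPoolLimit = 65536;

// Minimal stand-in for CStringPool (hypothetical, not the SDK class).
class StringPoolModel {
public:
    // Intern a string. Returns false when the index space is exhausted, which
    // is the point at which the real engine dies with "CUtlRBTree overflow".
    bool Allocate(const std::string& s) {
        if (m_strings.count(s) != 0) return true;       // already interned, no growth
        if (m_strings.size() >= kPoolLimit) return false;
        m_strings.insert(s);
        return true;
    }
    // Like CStringPool::Remove(const char*): drop a single string by value.
    bool Remove(const std::string& s) { return m_strings.erase(s) > 0; }
    // Like CStringPool::FreeAll(): drop everything, map-logic names included,
    // which is why the thread found it unusable mid-round.
    void FreeAll() { m_strings.clear(); }
    std::size_t Count() const { return m_strings.size(); }

private:
    std::set<std::string> m_strings;
};

// Constructed map strings that must survive every round.
const char* const kMapStrings[] = {"worldspawn", "logic_relay", "trigger_once"};

// Simulate `rounds` rounds; each round spawns `perRound` script entities that
// intern a unique script id (stand-in for m_iszScriptId). With purgeOnDestroy
// the id is removed when the entity is destroyed at round end; without it the
// pool only grows. Returns the final pool size, or -1 if the pool overflowed.
long SimulateRounds(int rounds, int perRound, bool purgeOnDestroy) {
    StringPoolModel pool;
    for (const char* name : kMapStrings) pool.Allocate(name);

    unsigned long nextId = 0;
    for (int r = 0; r < rounds; ++r) {
        std::vector<std::string> live;
        for (int e = 0; e < perRound; ++e) {
            std::string id = "_" + std::to_string(nextId++) + "_logic_script";
            if (!pool.Allocate(id)) return -1;          // the crash case
            live.push_back(id);
        }
        if (purgeOnDestroy) {
            // What the OnEntityDestroyed hook does: drop the id with its owner.
            for (const std::string& id : live) pool.Remove(id);
        }
    }
    return static_cast<long>(pool.Count());
}

int main() {
    std::printf("leaking, 100 rounds x 1000 scripts: %ld\n", SimulateRounds(100, 1000, false));
    std::printf("purged,  100 rounds x 1000 scripts: %ld\n", SimulateRounds(100, 1000, true));
    return 0;
}
```

Without the purge, 100 rounds of 1000 script entities is 100000 unique ids, far past the 65536 slots, so the simulation reports the overflow; with the purge the pool ends each round holding only the three map strings.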

Dragokas 12-05-2020 15:40

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Just FYI,
I think your topic could be related to a similar issue in L4D2: [L4D2] Script Command Swap - Mem Leak Fix,
caused by using the console command to create VScript instead of logic_script entity.

Sorry for hijacking your topic.

I also have a problem with 1 time per week crash related to CUtlRBTree overflow.
But, my game is Left 4 Dead 1. There is no VScript system at all.

I'm just curious, didn't you try to use the CStringPool::FreeAll() method on MapEnd?

Crash details:

ekshon 12-05-2020 22:47

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Quote:

Originally Posted by Dragokas (Post 2727611)
Just FYI,
I think your topic could be related to a similar issue in L4D2: [L4D2] Script Command Swap - Mem Leak Fix,
caused by using the console command to create VScript instead of logic_script entity.

Sorry for hijacking your topic.

I also have a problem with 1 time per week crash related to CUtlRBTree overflow.
But, my game is Left 4 Dead 1. There is no VScript system at all.

I'm just curious, didn't you try to use the CStringPool::FreeAll() method on MapEnd?

No, I never tried to call "FreeAll" on map end. I think there are more lists using CUtlRBTree type, not only "gamestringpool". But this one is the most common that causes crash. You can dump it with commands:

Code:

sv_cheats 1
developer 1
dumpgamestringtable

The limit is 65536. Try mp_restartgame 1 and look if it's leaking. Also, you might be using some map which creates entities at run time with unique names, etc. Or you're using game_text to print some unique strings on the player's screen.
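Added example, not from the thread: detection logic in C++ that compares two captures of the dumpgamestringtable output (one taken before and one after mp_restartgame 1) and reports the entries that survived the restart, so a leak can be spotted in a log review long before the 65536-entry limit is reached. It assumes the dump lists one pooled string per line; the two captures embedded below are constructed for the example, not real server output, and `DiffDumps`, `LeakSuspected` and `RestartsUntilOverflow` are hypothetical names:

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <sstream>
#include <string>
#include <vector>

constexpr std::size_t kPoolLimit = 65536;   // unsigned short index space

// Constructed sample captures (not real server output): the pool before and
// after one mp_restartgame 1. Assumption: the dump prints one string per line.
const std::string kBeforeDump =
    "worldspawn\n"
    "logic_relay\n"
    "_1_logic_script\n"
    "_2_logic_script\n";
const std::string kAfterDump =
    "worldspawn\n"
    "logic_relay\n"
    "_1_logic_script\n"
    "_2_logic_script\n"
    "_3_logic_script\n"
    "_4_logic_script\n";

struct PoolDiff {
    std::size_t before = 0;
    std::size_t after = 0;
    std::vector<std::string> added;    // only in the later capture
    std::vector<std::string> removed;  // only in the earlier capture
};

// One string per line; blank lines skipped; a trailing CR is stripped.
std::set<std::string> ParseDump(const std::string& dump) {
    std::set<std::string> out;
    std::istringstream in(dump);
    std::string line;
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (!line.empty()) out.insert(line);
    }
    return out;
}

PoolDiff DiffDumps(const std::string& beforeDump, const std::string& afterDump) {
    std::set<std::string> a = ParseDump(beforeDump);
    std::set<std::string> b = ParseDump(afterDump);
    PoolDiff d;
    d.before = a.size();
    d.after = b.size();
    for (const std::string& s : b) if (a.count(s) == 0) d.added.push_back(s);
    for (const std::string& s : a) if (b.count(s) == 0) d.removed.push_back(s);
    return d;
}

// A restart should free round-scoped strings. If the pool only gained entries
// and released none across the restart, the round-scoped strings are leaking.
bool LeakSuspected(const PoolDiff& d) {
    return !d.added.empty() && d.removed.empty();
}

// Restarts left before the pool hits the limit at the observed growth rate;
// -1 means the pool is not growing.
long RestartsUntilOverflow(std::size_t after, std::size_t growthPerRestart) {
    if (growthPerRestart == 0) return -1;
    if (after >= kPoolLimit) return 0;
    return static_cast<long>((kPoolLimit - after) / growthPerRestart);
}

int main() {
    PoolDiff d = DiffDumps(kBeforeDump, kAfterDump);
    std::printf("before=%zu after=%zu added=%zu removed=%zu leak=%s\n",
                d.before, d.after, d.added.size(), d.removed.size(),
                LeakSuspected(d) ? "yes" : "no");
    for (const std::string& s : d.added) std::printf("  new: %s\n", s.c_str());
    std::printf("restarts until overflow at this rate: %ld\n",
                RestartsUntilOverflow(d.after, d.added.size()));
    return 0;
}
```

Run it against two real captures by pasting each dump into the two strings; a growing `added` list with an empty `removed` list after a restart is the signature of the leak discussed in this thread.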

Hawkins 05-02-2022 19:10

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
spams this in error logs when trying to use in L4D2:
PHP Code:

L 05/03/2022 - 00:45:43: [SM] Exception reported: Property "m_bForcePurgeFixedupStrings" not found (entity 0/worldspawn)
L 05/03/2022 - 00:45:43: [SM] Blaming: stringpool_fix.smx
L 05/03/2022 - 00:45:43: [SM] Call stack trace:
L 05/03/2022 - 00:45:43: [SM]   [0] SetEntProp
L 05/03/2022 - 00:45:43: [SM]   [1] Line 14, d:\L4D Stuff\4. VS SourcePawn\stringpool_fix.sp::OnEntityCreated
L 05/03/2022 - 00:45:43: [SM] Exception reported: Property "m_bForcePurgeFixedupStrings" not found (entity 32/cs_team_manager)
L 05/03/2022 - 00:45:43: [SM] Blaming: stringpool_fix.smx


Bacardi 05-03-2022 09:13

Re: [ANY/CSGO] cutlrbtree overflow, memory access
 
Quote:

Originally Posted by Hawkins (Post 2778509)
spams this in error logs when trying to use in L4D2:
PHP Code:

L 05/03/2022 - 00:45:43: [SM] Exception reported: Property "m_bForcePurgeFixedupStrings" not found (entity 0/worldspawn)
L 05/03/2022 - 00:45:43: [SM] Blaming: stringpool_fix.smx
L 05/03/2022 - 00:45:43: [SM] Call stack trace:
L 05/03/2022 - 00:45:43: [SM]   [0] SetEntProp
L 05/03/2022 - 00:45:43: [SM]   [1] Line 14, d:\L4D Stuff\4. VS SourcePawn\stringpool_fix.sp::OnEntityCreated
L 05/03/2022 - 00:45:43: [SM] Exception reported: Property "m_bForcePurgeFixedupStrings" not found (entity 32/cs_team_manager)
L 05/03/2022 - 00:45:43: [SM] Blaming: stringpool_fix.smx


PHP Code:

public void OnEntityCreated(int entity, const char[] classname)
{
    // Only set the property on entities that actually have it (not every game/entity does)
    if (HasEntProp(entity, Prop_Data, "m_bForcePurgeFixedupStrings"))
    {
        SetEntProp(entity, Prop_Data, "m_bForcePurgeFixedupStrings", true);
    }
}


