Raised This Month: $ Target: $400
 0% 

Solved [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b


Post New Thread Reply   
 
Thread Tools Display Modes
devilesk
Junior Member
Join Date: May 2019
Old 10-12-2020 , 17:24   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #11

Same crash happened on my server https://crash.limetech.org/frx2js2o3xlq
It was in the second round of a map and I tried to switch teams from infected to survivor and it crashed. I was alone on the server and loaded into a ZoneMod config (with a few custom plugins).
devilesk is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine
Old 10-14-2020 , 08:56   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #12

ProjectSky. Disabling l4d2_changelevel.smx and same part of code in my MapChanger didn't help.
Yesterday, I received crash with same functions and events stuck.

So, as confirmed by devilesk, that is surely related to team switch, like we see in events stuck:

Quote:
L 10/13/2020 - 00:19:44: EVENT_HAPPENED :: (POST) :: "bot_player_replace"
L 10/13/2020 - 00:19:44: EVENT_HAPPENED ---> "player_disconnect". Client: 3 (Bill). Team: 1
L 10/13/2020 - 00:19:44: {Forward} OnClientDisconnect. Client: 3. InGame? 1
L 10/13/2020 - 00:19:44: EVENT_HAPPENED :: (Pre ) :: "player_team"
L 10/13/2020 - 00:19:44: EVENT_HAPPENED :: (POST) :: "player_team"
L 10/13/2020 - 00:19:44: EVENT_HAPPENED :: (Pre ) :: "pounce_end"
L 10/13/2020 - 00:19:44: EVENT_HAPPENED :: (POST) :: "pounce_end"
L 10/13/2020 - 00:19:44: {Forward} OnClientDisconnect_Post. Client: 3
#Game_srv.so loaded for "Left 4 Dead 2"
I just don't understand why "pounce_end" event happens right before client disconnection.
Why and what hunter is doing there. This is not a coincidence anymore.
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch)
[My plugins] [My tools] [GitHub] [Articles]

Last edited by Dragokas; 10-14-2020 at 08:58.
Dragokas is offline
Lux
Veteran Member
Join Date: Jan 2015
Location: Brexit
Old 10-14-2020 , 10:41   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #13

Quote:
Originally Posted by Dragokas View Post
ProjectSky. Disabling l4d2_changelevel.smx and same part of code in my MapChanger didn't help.
Yesterday, I received crash with same functions and events stuck.

So, as confirmed by devilesk, that is surely related to team switch, like we see in events stuck:



I just don't understand why "pounce_end" event happens right before client disconnection.
Why and what hunter is doing there. This is not a coincidence anymore.
"pounce_end" will happen on a client leaving given their entity will be destoryed and a bot created in it's place.

Dump your detailed infomation from the stack trace last few which includes opcodes, i have a feeling maybe some garbage entity ehandle maybe getting by the check.
Code:
0 	server_srv.so!CMoveableCamera::FollowTarget() + 0x3b
1 	server_srv.so!CBaseEntity::PhysicsDispatchThink(void (CBaseEntity::*)()) + 0xae
2 	server_srv.so!CBaseEntity::PhysicsRunSpecificThink(int, void (CBaseEntity::*)()) + 0xb9
3 	server_srv.so!CBaseEntity::PhysicsRunThink(CBaseEntity::thinkmethods_t) + 0x42
4 	server_srv.so!CBaseEntity::PhysicsNoclip() + 0xcd
5 	server_srv.so!CBaseEntity::PhysicsSimulate() + 0xa9c
__________________
Lux is offline
devilesk
Junior Member
Join Date: May 2019
Old 10-14-2020 , 11:24   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #14

Quote:
Originally Posted by Lux View Post
"pounce_end" will happen on a client leaving given their entity will be destoryed and a bot created in it's place.

Dump your detailed infomation from the stack trace last few which includes opcodes, i have a feeling maybe some garbage entity ehandle maybe getting by the check.
Code:
0 	server_srv.so!CMoveableCamera::FollowTarget() + 0x3b
1 	server_srv.so!CBaseEntity::PhysicsDispatchThink(void (CBaseEntity::*)()) + 0xae
2 	server_srv.so!CBaseEntity::PhysicsRunSpecificThink(int, void (CBaseEntity::*)()) + 0xb9
3 	server_srv.so!CBaseEntity::PhysicsRunThink(CBaseEntity::thinkmethods_t) + 0x42
4 	server_srv.so!CBaseEntity::PhysicsNoclip() + 0xcd
5 	server_srv.so!CBaseEntity::PhysicsSimulate() + 0xa9c
Is this it?

Code:
Thread 0 (crashed):
   0: server_srv.so!CMoveableCamera::FollowTarget() + 0x3b
      eip: 0xedac084b  esp: 0xffc353c0  ebp: 0xffc35488  ebx: 0x0ba3fb30
      esi: 0x00000000  edi: 0xed4cc5e0  eax: 0x0000189c  ecx: 0xee0942e0
      edx: 0xee094330  efl: 0x00010202  

      edac0837  81 e2 ff 0f 00 00        and edx, 0xfff
      edac083d  c1 e2 04                 shl edx, 0x4
      edac0840  01 ca                    add edx, ecx
      edac0842  39 42 08                 cmp [edx+0x8], eax
      edac0845  0f 84 8d 01 00 00        jz 0xedac09d8
  >   edac084b  f6 86 4d 01 00 00 08     test byte [esi+0x14d], 0x8
      edac0852  0f 85 70 01 00 00        jnz 0xedac09c8
      edac0858  8b 86 7c 03 00 00        mov eax, [esi+0x37c]
      edac085e  8b 8b 50 04 00 00        mov ecx, [ebx+0x450]
      edac0864  8b 93 54 04 00 00        mov edx, [ebx+0x454]
      edac086a  f3 0f 10 9b 5c 04 00 00  movss xmm3, [ebx+0x45c]

      ffc353c0  00 00 00 00 00 00 00 00  b7 aa e0 ed b7 aa e0 ed  ................
      ffc353d0  00 00 00 8b 00 00 00 00  b7 aa e0 ed 98 02 cb 00  ................
      ffc353e0  52 36 58 81 ff ff ff ff  00 00 00 00 02 aa e0 ed  R6X.............
      ffc353f0  b7 aa e0 ed c0 48 fa 0a  35 58 ba f7 18 59 ba f7  .....H..5X...Y..
      ffc35400  27 52 ba f7 6c 54 c3 ff  40 2c ef 0b 55 6d ba f7  '[email protected],..Um..
      ffc35410  6c 54 c3 ff 40 2c ef 0b  ff ff ff ff 00 30 a1 0d  [email protected],.......0..
      ffc35420  6c 54 c3 ff 40 2c ef 0b  ab 9e b7 f7 00 90 d0 f7  [email protected],..........
      ffc35430  6c 54 c3 ff 40 2c ef 0b  b8 19 22 f5 03 97 b9 f7  [email protected],....".....
      ffc35440  6c 54 c3 ff b8 19 22 f5  68 55 c3 ff 40 2c ef 0b  lT....".hU[email protected],..
      ffc35450  b7 aa e0 ed c0 48 fa 0a  35 58 ba f7 68 55 c3 ff  .....H..5X..hU..
      ffc35460  27 52 ba f7 cc 54 c3 ff  40 2c ef 0b 01 80 ad fb  '[email protected],......
      ffc35470  40 2c ef 0b 40 2c ef 0b  40 2c ef 0b e5 00 00 00  @,[email protected],[email protected],......
      ffc35480  30 fb a3 0b e0 c5 4c ed  08 55 c3 ff 5e 9c 85 ed  0.....L..U..^...

      Found via instruction pointer in context


   1: server_srv.so!CBaseEntity::PhysicsDispatchThink(void (CBaseEntity::*)()) + 0xae
      eip: 0xed859c5e  esp: 0xffc35490  ebp: 0xffc35508  ebx: 0x000000e5
      esi: 0x0ba3fb30  edi: 0xed4cc5e0  

      ffc35490  30 fb a3 0b 00 00 00 00  d8 54 c3 ff c0 db 4f ed  0........T....O.
      ffc354a0  30 fb a3 0b 00 fc a3 0b  d8 54 c3 ff 78 4d 75 ed  0........T..xMu.
      ffc354b0  30 fb a3 0b 00 00 00 00  40 2c ef 0b 00 00 00 00  [email protected],......
      ffc354c0  1c 55 c3 ff ff ff ff ff  00 00 00 00 30 fb a3 0b  .U..........0...
      ffc354d0  30 fb a3 0b 00 00 00 00  08 55 c3 ff 00 00 00 00  0........U......
      ffc354e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
      ffc354f0  3c c1 43 0c 40 2c ef 0b  2d 00 00 00 30 fb a3 0b  <[email protected],..-...0...
      ffc35500  30 fb a3 0b 00 00 00 00  88 55 c3 ff 09 1f 56 ed  0........U....V.

      Found via call frame info


   2: server_srv.so!CBaseEntity::PhysicsRunSpecificThink(int, void (CBaseEntity::*)()) + 0xb9
      eip: 0xed561f09  esp: 0xffc35510  ebp: 0xffc35588  ebx: 0x0ba3fb30
      esi: 0x0ba3fb30  edi: 0x00000000  

      ffc35510  30 fb a3 0b e5 00 00 00  00 00 00 00 50 15 88 10  0...........P...
      ffc35520  b8 19 22 f5 68 55 c3 ff  58 55 c3 ff 15 7d 1d f5  ..".hU..XU...}..
      ffc35530  b0 0b ff 10 b2 1c 00 00  a4 f0 92 42 0a d7 23 3c  ...........B..#<
      ffc35540  20 00 00 00 00 00 00 00  b3 1c 00 00 b2 1c 00 00   ...............
      ffc35550  48 6e 5b 11 9a 02 00 00  88 55 c3 ff 21 7f 1d f5  Hn[......U..!...
      ffc35560  a0 97 d0 f7 41 00 00 00  00 00 00 00 05 05 9a 6d  ....A..........m
      ffc35570  70 ae f8 09 79 8c ba f7  10 00 00 08 30 fb a3 0b  p...y.......0...
      ffc35580  00 00 00 00 00 00 00 00  b8 55 c3 ff 02 24 56 ed  .........U...$V.

      Found via call frame info


   3: server_srv.so!CBaseEntity::PhysicsRunThink(CBaseEntity::thinkmethods_t) + 0x42
      eip: 0xed562402  esp: 0xffc35590  ebp: 0xffc355b8  ebx: 0x0ba3fb30
      esi: 0x00000000  edi: 0x00000000  

      ffc35590  30 fb a3 0b ff ff ff ff  e5 00 00 00 00 00 00 00  0...............
      ffc355a0  a0 97 d0 f7 61 00 00 00  00 00 00 00 30 fb a3 0b  ....a.......0...
      ffc355b0  00 00 00 00 00 00 00 00  38 56 c3 ff 5d b4 85 ed  ........8V..]...

      Found via call frame info


   4: server_srv.so!CBaseEntity::PhysicsNoclip() + 0xcd
      eip: 0xed85b45d  esp: 0xffc355c0  ebp: 0xffc35638  ebx: 0x0ba3fb30
      esi: 0x00000000  edi: 0x00000000  

      ffc355c0  30 fb a3 0b 00 00 00 00  e8 55 c3 ff 00 30 a1 0d  0........U...0..
      ffc355d0  20 c1 43 0c 40 6e 5b 11  79 8c ba f7 88 56 c3 ff   [email protected][.y....V..
      ffc355e0  20 98 37 0e ff ff ff ff  08 56 c3 ff ab f2 1d f5   .7......V......
      ffc355f0  20 c1 43 0c 20 c1 43 0c  00 00 00 00 00 00 00 00   .C. .C.........
      ffc35600  30 fb a3 0b 00 00 00 00  38 56 c3 ff 5a 89 4f ed  0.......8V..Z.O.
      ffc35610  e0 42 09 ee 30 fb a3 0b  00 00 00 00 00 00 00 00  .B..0...........
      ffc35620  b0 29 d6 09 80 2a d6 09  a8 56 c3 ff 00 00 00 00  .)...*...V......
      ffc35630  30 fb a3 0b 45 b2 d6 ed  c8 56 c3 ff 3c 38 56 ed  0...E....V..<8V.

      Found via call frame info


   5: server_srv.so!CBaseEntity::PhysicsSimulate() + 0xa9c
      eip: 0xed56383c  esp: 0xffc35640  ebp: 0xffc356c8  ebx: 0x00000000
      esi: 0x0ba3fb30  edi: 0xedd6b245  

      ffc35640  30 fb a3 0b 00 00 80 00  c8 56 c3 ff 2c e9 28 f5  0........V..,.(.
      ffc35650  30 2c d6 09 f0 2c d6 09  06 00 35 72 d0 2c d6 09  0,...,....5r.,..
      ffc35660  05 00 34 72 20 2b d6 09  00 00 00 00 00 00 00 00  ..4r +..........
      ffc35670  00 00 00 00 30 2c d6 09  00 00 00 00 00 00 00 00  ....0,..........
      ffc35680  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
      ffc35690  00 00 00 00 a8 57 c3 ff  00 00 00 00 f0 2c d6 09  .....W.......,..
      ffc356a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
      ffc356b0  b0 29 d6 09 40 bd 17 11  09 bd ba f7 30 fb a3 0b  .)[email protected]
      ffc356c0  00 00 00 00 45 b2 d6 ed  38 57 c3 ff 6a cc 85 ed  ....E...8W..j...

      Found via call frame info


   6: server_srv.so!Physics_SimulateEntity(CBaseEntity*) + 0x15a
      eip: 0xed85cc6a  esp: 0xffc356d0  ebp: 0xffc35738  ebx: 0x0ba3fb30
      esi: 0x00000000  edi: 0xedd6b245  

      ffc356d0  30 fb a3 0b 70 30 48 0f  e8 57 c3 ff 58 58 c3 ff  0...p0H..W..XX..
      ffc356e0  00 00 00 00 58 58 c3 ff  a8 57 c3 ff a6 5f 58 ed  ....XX...W..._X.
      ffc356f0  48 58 c3 ff 01 00 00 00  18 57 c3 ff ed b0 be ed  HX.......W......
      ffc35700  30 88 4b 0f 20 00 00 00  00 00 00 00 00 00 00 00  0.K. ...........
      ffc35710  04 00 00 00 98 3c 75 0a  00 00 00 00 00 00 00 00  .....<u.........
      ffc35720  ac 57 c3 ff 31 00 00 00  00 00 00 00 00 00 00 00  .W..1...........
      ffc35730  70 57 c3 ff a4 f0 92 42  88 58 c3 ff ea d0 85 ed  pW.....B.X......

      Found via call frame info

Last edited by devilesk; 10-14-2020 at 12:01. Reason: code instead of quote
devilesk is offline
Timocop
AlliedModders Donor
Join Date: Mar 2013
Location: Germany
Old 10-14-2020 , 11:43   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #15

Having the same issue, except its a different stack trace. Happens every day on my server since the L4D2 update. Its so bad that the L4D1 server im running next to the L4D2 server is hanging while the L4D2 server crashes.

https://crash.limetech.org/atehf2322fmt
https://crash.limetech.org/lbpgiihzrihy
https://crash.limetech.org/v6xjtixshlrf
https://crash.limetech.org/qe6dxc4p3wwo

Im very confused what this could possibly be. Since i have the same plugins as before the L4D2 update...
This is the only crash i am getting. Nothing else.

(Ignore the SM 1.9 version, i've tried to downgrade SourceMod to see if this fixed the issue. It didnt.)

Code:
SIGSEGV /SEGV_MAPERR accessing 0x0

Thread 0 (crashed):
   0: server_srv.so!SurvivorBot::IsReachable(CBaseEntity*) const + 0xe
      eip: 0xee57211e  esp: 0xff99ed70  ebp: 0xff99ed98  ebx: 0x1016f480
      esi: 0x0e803a48  edi: 0x00000000  eax: 0x00000000  ecx: 0x00000000
      edx: 0x0e803a9c  efl: 0x00210282  

      ee572113  56                       push esi
      ee572114  53                       push ebx
      ee572115  83 ec 20                 sub esp, 0x20
      ee572118  8b 45 0c                 mov eax, [ebp+0xc]
      ee57211b  8b 5d 08                 mov ebx, [ebp+0x8]
  >   ee57211e  8b 10                    mov edx, [eax]
      ee572120  89 04 24                 mov [esp], eax
      ee572123  ff 92 88 02 00 00        call dword [edx+0x288]
      ee572129  c7 44 24 18 00 00 00 00  mov dword [esp+0x18], 0x0
      ee572131  89 44 24 04              mov [esp+0x4], eax
      ee572135  a1 a8 37 c2 ee           mov eax, [0xeec237a8]

      ff99ed70  80 f4 16 10 01 00 00 01  98 ed 99 ff 71 f0 b4 f7  ............q...
      ff99ed80  60 e3 c1 f7 00 00 80 3f  00 00 00 40 80 f4 16 10  `[email protected]
      ff99ed90  80 f4 16 10 48 3a 80 0e  18 ee 99 ff 32 b9 56 ee  ....H:......2.V.

      Found via instruction pointer in context


   1: server_srv.so!SurvivorUseObject::ShouldGiveUp(SurvivorBot*) const + 0x112
      eip: 0xee56b932  esp: 0xff99eda0  ebp: 0xff99ee18  ebx: 0x1016f480
      esi: 0x0e803a48  edi: 0x00000000  

      ff99eda0  80 f4 16 10 00 00 00 00  f0 ea 3b 12 84 e7 5d ee  ..........;...].
      ff99edb0  1c 26 17 10 f4 ed 99 ff  f8 ed 99 ff 3b bc 56 ee  .&..........;.V.
      ff99edc0  58 a2 d9 0e a0 3a 80 0e  18 ee 99 ff 56 55 92 43  X....:......VU.C
      ff99edd0  3e 20 93 43 80 f4 16 10  18 ee 99 ff 88 08 56 ee  > .C..........V.
      ff99ede0  80 f4 16 10 f4 8f f0 f7  68 00 00 00 e9 e7 ca 3f  ........h......?
      ff99edf0  80 f4 16 10 48 3a 80 0e  e0 dd 65 41 19 0f 56 ee  ....H:....eA..V.
      ff99ee00  48 3a 80 0e 58 a2 d9 0e  00 00 80 3f f4 ee 99 ff  H:..X......?....
      ff99ee10  80 f4 16 10 48 3a 80 0e  98 ee 99 ff cd 71 57 ee  ....H:.......qW.

      Found via call frame info


   2: server_srv.so!SurvivorBot::ScavengeNearbyItems(Action<SurvivorBot>*) + 0x28d
      eip: 0xee5771cd  esp: 0xff99ee20  ebp: 0xff99ee98  ebx: 0xff99eef4
      esi: 0x1016f480  edi: 0x0e803a48  

      ff99ee20  48 3a 80 0e 80 f4 16 10  98 ee 99 ff 00 00 00 00  H:..............
      ff99ee30  03 00 00 00 80 f4 16 10  00 00 00 00 48 a7 6b 45  ............H.kE
      ff99ee40  80 d2 f9 e9 0c 80 17 10  78 ee 99 ff 01 f4 b4 f7  ........x.......
      ff99ee50  00 80 3b 44 30 99 81 0f  00 00 00 3f d2 e2 14 00  ..;D0......?....
      ff99ee60  0c 80 17 10 c8 34 17 10  58 a2 d9 0e 8c 33 77 45  .....4..X....3wE
      ff99ee70  c8 06 8e 12 80 f4 16 10  98 ee 99 ff 71 f0 b4 f7  ............q...
      ff99ee80  60 e3 c1 f7 00 00 80 3f  00 00 00 40 80 f4 16 10  `[email protected]
      ff99ee90  48 4b ac 0c 0c 80 17 10  18 ef 99 ff e6 cf 55 ee  HK............U.

      Found via call frame info


   3: server_srv.so!SurvivorBehavior::Update(SurvivorBot*, float) + 0x4c6
      eip: 0xee55cfe6  esp: 0xff99eea0  ebp: 0xff99ef18  ebx: 0x1016f480
      esi: 0x0cac4b48  edi: 0x1017800c  

      ff99eea0  f4 ee 99 ff 80 f4 16 10  48 4b ac 0c c8 34 17 10  ........HK...4..
      ff99eeb0  80 c4 4a 0f d8 74 34 11  e8 ee 99 ff 56 55 92 43  ..J..t4.....VU.C
      ff99eec0  4f f3 92 43 d8 74 34 11  e8 ee 99 ff 63 cb 56 ee  O..C.t4.....c.V.
      ff99eed0  75 f9 9d 3f 3f 79 56 3e  e8 ee 99 ff 3c 00 00 00  u..??yV>....<...
      ff99eee0  03 00 00 00 cc ef 99 ff  7c 4b ac 0c f4 ee 99 ff  ........|K......
      ff99eef0  c8 34 17 10 00 00 00 00  00 00 00 00 00 00 00 00  .4..............
      ff99ef00  10 00 00 00 e0 72 c0 ee  80 c4 4a 0f c0 ef 99 ff  .....r....J.....
      ff99ef10  48 4b ac 0c 80 f4 16 10  78 ef 99 ff c2 31 58 ee  HK......x....1X.

      Found via call frame info


   4: server_srv.so!Action<SurvivorBot>::InvokeUpdate(SurvivorBot*, Behavior<SurvivorBot>*, float) + 0xd2
      eip: 0xee5831c2  esp: 0xff99ef20  ebp: 0xff99ef78  ebx: 0xff99efc0
      esi: 0x0cac4b48  edi: 0x1016f480  

      ff99ef20  48 ef 99 ff 48 4b ac 0c  80 f4 16 10 00 88 08 3e  H...HK.........>
      ff99ef30  4b 2a 16 c4 7b af 16 c2  61 a6 8f c3 80 c4 4a 0f  K*..{...a.....J.
      ff99ef40  00 00 00 00 00 00 00 00  80 f4 16 10 00 00 80 3f  ...............?
      ff99ef50  00 00 80 3f 7d 18 17 c4  e8 25 45 c2 40 0f 83 0c  ...?}....%[email protected]
      ff99ef60  00 00 00 00 45 44 92 43  f8 ef 99 ff c8 06 8e 12  ....ED.C........
      ff99ef70  00 00 00 00 48 fc 39 0e  f8 ef 99 ff 89 2b 58 ee  ....H.9......+X.

      Found via call frame info


   5: server_srv.so!SurvivorIntention::Update() + 0x119
      eip: 0xee582b89  esp: 0xff99ef80  ebp: 0xff99eff8  ebx: 0x128e06c8
      esi: 0x00000000  edi: 0x0e39fc48  

      ff99ef80  c0 ef 99 ff 48 4b ac 0c  80 f4 16 10 48 fc 39 0e  ....HK......H.9.
      ff99ef90  00 88 08 3e 00 00 00 00  f8 ef 99 ff 66 4a 39 ee  ...>........fJ9.
      ff99efa0  f0 34 17 10 00 00 00 00  00 00 00 00 56 55 92 43  .4..........VU.C
      ff99efb0  00 00 00 00 00 00 00 00  be 62 92 43 80 f4 16 10  .........b.C....
      ff99efc0  40 0f 83 0c 80 c4 4a 0f  86 a5 07 c2 c8 34 17 10  @.....J......4..
      ff99efd0  45 44 92 43 00 00 00 00  00 00 00 00 00 00 00 00  ED.C............
      ff99efe0  40 0f 83 0c 80 c4 4a 0f  f8 ef 99 ff c8 06 8e 12  @.....J.........
      ff99eff0  00 00 00 00 00 00 00 00  38 f1 99 ff 40 53 39 ee  [email protected]

      Found via call frame info
__________________

Last edited by Timocop; 10-14-2020 at 11:45.
Timocop is offline
Lux
Veteran Member
Join Date: Jan 2015
Location: Brexit
Old 10-14-2020 , 12:02   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #16

devilesk, dragokas, externet.

All crashes look to be a garbage entity getting past the ehandle check (entity reference basicly) and reading garbage, something is very wrong here and no it has nothing to do with level changing.

This is something I don't know how to fix.

From CMoveableCamera::FollowTarget
PHP Code:
if ( *(v2 333) & // Crashing in this check according to crashstack this is quite strange given it's using Flag EFL_SETTING_UP_BONES I don't think i'm right here given below function of the typical check usually.
    
CBaseEntity::CalcAbsolutePosition(v2); 
Usually this type of check.
PHP Code:
if ( this->CBaseEntity.m_iEFlags EFL_DIRTY_ABSTRANSFORM )
        
CBaseEntity::CalcAbsolutePosition(this); 
In externet's case the ehandle check is in SurvivorUseObject::ShouldGiveUp could be wrong hope someone more experienced then me could help.
__________________

Last edited by Lux; 10-14-2020 at 12:08.
Lux is offline
ProjectSky
Junior Member
Join Date: Aug 2020
Old 11-01-2020 , 10:28   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #17

Has anyone found any solution to this crash? My server has such random crashes every day.
If find, please let me know, thank you very much
ProjectSky is offline
fdxx
Junior Member
Join Date: Oct 2020
Old 11-20-2020 , 08:43   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #18

I have the same reason for the crash. When the player joins the survivor from the spectators, the server randomly crashes

https://crash.limetech.org/4g3d572anziq
https://crash.limetech.org/b2ia6idw5m6k

Last edited by fdxx; 11-20-2020 at 08:49. Reason: add crash link
fdxx is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine
Old 11-21-2020 , 16:29   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #19

Can somebody test the fix against CMoveableCamera::FollowTarget crash?
UPD. Already tested and working.

Requirements:
- DHook Detours
ChangeLog:
v.1.1 (27-Nov-2020)
- Added windows signatures
- debug mode is turned off
- hardcoded camera struct index moved to a gamedata
Attached Files
File Type: zip FollowTargetDHook.zip (8.1 KB, 17 views)
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch)
[My plugins] [My tools] [GitHub] [Articles]

Last edited by Dragokas; 11-28-2020 at 08:59.
Dragokas is offline
fdxx
Junior Member
Join Date: Oct 2020
Old 11-21-2020 , 22:34   Re: [L4d2] Crash on CMoveableCamera::FollowTarget() + 0x3b
Reply With Quote #20

Quote:
Originally Posted by Dragokas View Post
Can somebody test the fix against CMoveableCamera::FollowTarget crash?
Thank you very much, Dragokas, I will test this fix plugin, Check the effect after 1 week.

11-30-2020 Editing: After using this fix plugin, my server has not crashed, Thanks

Last edited by fdxx; 11-29-2020 at 22:16.
fdxx is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 04:09.


Powered by vBulletin®
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Theme made by Freecode