Raised This Month: $12 Target: $400
 3% 

[L4D2] Crash on CNavLadder::GetPosAtHeight


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
cravenge
Veteran Member
Join Date: Nov 2015
Location: Chocolate Factory
Old 09-12-2021 , 09:13   [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #1

Looking through my server's previous crash logs, this one seems to stand out the most. Usually happens on custom campaigns judging from the main logs, more often on the last map of A Dam Mission after matching the date and time said crash occurs.

More info on the crash:
Code:
0    server.dll + 0x499d23
1    server.dll + 0x3fcbff
2    server.dll + 0x40f467
3    server.dll + 0x3f3f3f
4    server.dll + 0x3f3f6d
5    server.dll + 0x3f3f6d
6    server.dll + 0x3f3f6d
7    server.dll + 0x3f4225
8    server.dll + 0x3f4350
9    server.dll + 0x4a9fb7
10    server.dll + 0x401bf7
11    server.dll + 0x4a5bc7
12    server.dll + 0x143172
13    server.dll + 0x14d61c
14    server.dll + 0x14d67a
15    server.dll + 0x144524
16    server.dll + 0x14de65
17    server.dll + 0x145374
18    server.dll + 0xeed5b
19    sourcemod.2.l4d2.dll!__SourceHook_FHCls_IServerGameDLLGameFramefalse::Func(bool) [sourcemod.cpp:54 + 0xa3] 
20    engine.dll + 0x1240c7
21    engine.dll + 0x125207
22    engine.dll + 0x18e9f8
23    engine.dll + 0x190246
24    engine.dll + 0x1909a3
25    engine.dll + 0x1a006b
26    engine.dll + 0x1a01bf
27    engine.dll + 0x1a0264
28    engine.dll + 0x2003e4
29    engine.dll + 0x1fda01
30    dedicated.dll + 0x31ce
31    dedicated.dll + 0x3906
32    dedicated.dll + 0x27dae
33    dedicated.dll + 0x4976
34    srcds.exe + 0x11fd
35    srcds.exe + 0x1929
36    kernel32.dll!BaseThreadInitThunk + 0x19
37    ntdll.dll!__RtlUserThreadStart + 0x2f
38    ntdll.dll!_RtlUserThreadStart + 0x1b
Is this fixable with a detour in case it's another one of those null pointer deference issues or is this mainly a map issue that the author has to address?

Last edited by cravenge; 09-13-2021 at 06:21.
cravenge is offline
yzybb
Member
Join Date: Jul 2020
Old 09-26-2021 , 09:21   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #2

hello,Has the problem been solved? We have the same situation.

https://crash.limetech.org/66iqzorjwadl
https://crash.limetech.org/ap7annfs72m5
https://crash.limetech.org/avwnhv6f6qlt

I doubt whether it is related to this?(https://forums.alliedmods.net/showthread.php?p=2738865)
yzybb is offline
yzybb
Member
Join Date: Jul 2020
Old 12-14-2021 , 04:48   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #3

Hello, cravenge, is there a way to solve this situation?

Last edited by yzybb; 12-14-2021 at 05:25.
yzybb is offline
AK978
Senior Member
Join Date: Jun 2018
Old 12-30-2021 , 08:39   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #4

Same problem.
AK978 is offline
Gold Fish
Senior Member
Join Date: Mar 2020
Old 01-21-2022 , 05:58   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #5

Very often the server crashed with this error
__________________
-

PHP Code:
public OnClientConnect(int Client) {
    
KickClient(Client"sorry");

Gold Fish is offline
Silvers
SourceMod Plugin Approver
Join Date: Aug 2010
Location: SpaceX
Old 01-21-2022 , 06:31   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #6

Try this. I only tested that the detour triggers correctly on Windows. Not tested if this actually fixes the problem but if its a null pointer from "this" maybe? At least someone could use this to figure out a solution if it doesn't work.

Please report if crashes no longer occur.

Requires dhooks with detours support.

Edit: Maybe I should have added a log message when the ptr is null so we know it's working/the issue. I'll add when I get time.

Edit2: Plugin moved to post 10.
__________________

Last edited by Silvers; 01-21-2022 at 14:30.
Silvers is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 01-21-2022 , 12:00   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #7

If that's the same issue, it is not null pointer problem, but invalid memory location.

Code:
SIGSEGV /SEGV_MAPERR accessing 0x43300818

movss xmm0, [edx+0x18]
Code:
CNavLadder *__stdcall CNavLadder::GetPosAtHeight(CNavLadder *this, float a2, float a3)
...
v4 = *(float *)(LODWORD(a2) + 24);
which holds ptr from somewhere of previous PathFollower:: calls.
__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]
Dragokas is offline
Silvers
SourceMod Plugin Approver
Join Date: Aug 2010
Location: SpaceX
Old 01-21-2022 , 12:08   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #8

I couldn't find the linux crash logs to see the problem. Thanks for linking.

Then need to test if the ptr is valid. How could we do that? Read that memory location and check some of the data, comparing to what's "normal" values maybe?

PHP Code:
    vPos[0] = view_as<float>(LoadFromAddress(view_as<Address>(pThis 4), NumberType_Int32));
    
vPos[1] = view_as<float>(LoadFromAddress(view_as<Address>(pThis 8), NumberType_Int32));
    
vPos[2] = view_as<float>(LoadFromAddress(view_as<Address>(pThis 12), NumberType_Int32));
    
PrintToChatAll("A %d == %0.2f %0.2f %0.2f"pThisvPos[0], vPos[1], vPos[2]); 
This is the ladder position. But the "func_simpleladder" entity has no position vector that I can see. All return 0,0,0. If we could get that and check for nearby ladders then maybe that's a solution, if the crash happens from these ladders not existing for whatever reason. Although I deleted all ladders and the function still triggers fine. Maybe the address becomes invalid and therefore the data would be invalid, so still checking for a nearby ladder would solve the issue.
__________________

Last edited by Silvers; 01-21-2022 at 12:42.
Silvers is offline
Dragokas
Veteran Member
Join Date: Nov 2017
Location: Ukraine on fire
Old 01-21-2022 , 12:16   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #9

Quote:
Originally Posted by Silvers View Post

Then need to test if the ptr is valid. How could we do that?
Via IsValidPointer() of MemoryEx.

We can manually calculate (float *)(LODWORD(a2) + 24), than pass this address to check.

EDIT.

You'll just need to:
PHP Code:
#include <MemoryEx>

public void OnPluginStart()
{
    
CheckInitPEB(); 

__________________
Expert of CMD/VBS/VB6. Malware analyst. L4D fun (Bloody Witch & FreeZone)
[My plugins] [My tools] [GitHub] [Articles] [HiJackThis+] [Donate]

Last edited by Dragokas; 01-21-2022 at 12:21.
Dragokas is offline
Silvers
SourceMod Plugin Approver
Join Date: Aug 2010
Location: SpaceX
Old 01-21-2022 , 12:45   Re: [L4D2] Crash on CNavLadder::GetPosAtHeight
Reply With Quote #10

Here's a version using MemoryEx.

Please report if crashes no longer seem to occur.

Requires DHooks with dynamic detours support.

Updated. New GameData required from version 0.3+

ChangeLog
Code:
0.4 (21-Jan-2022)
	- Added debugging log when an error is detected. Saved to "logs/ladder_patch.log" printing map and position of ladder.

0.3 (21-Jan-2022)
	- Beta release checking the problem offset. Thanks to "Dragokas" for reporting.

0.2 (21-Jan-2022)
	- Beta release with MemoryEx support.

0.1 (21-Jan-2022)
	- Initial beta release.
Plugin moved to: https://forums.alliedmods.net/showthread.php?t=336298
__________________

Last edited by Silvers; 02-10-2022 at 03:12.
Silvers is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 06:18.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode