Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sfFontStuff heap corruption #2157

Closed
gottfriedleibniz opened this issue Aug 14, 2023 · 0 comments
Closed

sfFontStuff heap corruption #2157

gottfriedleibniz opened this issue Aug 14, 2023 · 0 comments
Assignees
@gottfriedleibniz

Comments

@gottfriedleibniz
Copy link
Contributor

gottfriedleibniz commented Aug 14, 2023
edited
Loading

There are race conditions within HandleSprite (via drawTextStub) that is corrupting the underlying GMemoryHeapPT instance. This issue has been masked/softened by the SEH frame, but emerged elsewhere in 2944.

Since the heap is not flagged as thread-safe/critical (reference its allocation methods that include a +0xC0 check), MainThrd and Render will be fighting at several places. Additionally, the HandleSprite function itself is not particularly thread-safe (e.g., follow the CreateCharacterInstance/Reset code down to GASEnvironment interactions and the likes). Given how gross the GFx assembly is somebody else verifying this will be required.

My current workaround has been to ensure g_movie's HeapPT is flagged in HandleEarlyLoading and throwing a mutex at HandleSprite; there are likely better solutions (besides my ~6 line hack). Also, test(rax, rax) could probably be changed to eax.

A reproduction can be found on the forum.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gottfriedleibniz gottfriedleibniz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@gottfriedleibniz