
Memory corruption on connecting to Online Lobby #91

Open
xezon opened this issue Oct 7, 2021 · 0 comments · May be fixed by #348
Labels: Bug (Something is not working right), Critical (Severity: Minor < Major < Critical < Blocker), ZeroHour (Relates to Zero Hour)

Comments

xezon commented Oct 7, 2021

Application Verifier is enabled with "Basics" enabled.
Memory corruption on connecting to Online Lobby.

ZH CD version game.dat

=======================================
VERIFIER STOP 00000010: pid 0x1BA8: Corrupted start stamp for heap block. 

    05771000 : Heap handle used in the call.
    4EB3EEB0 : Heap block involved in the operation.
    445CBFD8 : Size of the heap block.
    00000000 : Corrupted stamp value.


=======================================
This verifier stop is not continuable. Process will be terminated 
when you use the `go' debugger command.

=======================================
>    vrfcore.dll!_VerifierStopMessageEx()  + 0x5b8 bytes    
     vrfcore.dll!VfCoreRedirectedStopMessage()  + 0x80 bytes    
     verifier.dll!_VerifierStopMessage@40()  + 0x84 bytes    
     verifier.dll!_AVrfpDphReportCorruptedBlock@16()  + 0x2fc bytes    
     verifier.dll!_AVrfpDphCheckNormalHeapBlock@16()  + 0x11a bytes    
     verifier.dll!_AvrfpDphCheckPageHeapAllocation@8()  + 0x6b bytes    
     verifier.dll!_VerifierCheckPageHeapAllocation@8()  + 0x12 bytes    
     vfbasics.dll!_AVrfpRtlFreeHeap@12()  + 0x5b bytes    
     snmpapi.dll!_SnmpUtilOidFree@4()  + 0x24 bytes    
     snmpapi.dll!_SnmpUtilVarBindFree@4()  + 0x13 bytes    
     snmpapi.dll!_QueryToVarBindList@20()  + 0xb0 bytes    
     snmpapi.dll!_QueryListToVarBindList@20()  + 0x40 bytes    
     snmpapi.dll!_SnmpTfxQuery@20()  + 0x88 bytes    
     inetmib1.dll!_SnmpExtensionQuery@16()  + 0x1d bytes    
     game.dat!006ff8c5()              <-------- problem in game

BOOL SNMP_FUNC_TYPE SnmpExtensionQuery(
  BYTE            bPduType,
  SnmpVarBindList *pVarBindList,
  AsnInteger32    *pErrorStatus,
  AsnInteger32    *pErrorIndex
);

typedef struct {
  AsnObjectName   name;
  AsnObjectSyntax value;
} SnmpVarBind;

typedef struct {
  SnmpVarBind *list;
  UINT        len;
} SnmpVarBindList;

It tries to free an unallocated SnmpVarBind from the list.
Probably the pVarBindList argument is garbage.


The AsnAny structure passed in the SnmpVarBind* structure is invalid.
The variable type contained in asnType is invalid.
The structure looks as if it was memset'd to zero.
The SnmpExtensionQuery function is used to process requests sent from the server.
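A minimal model of the varbind list handling, as an added example that is not code from the issue, the game or the Windows SDK: it declares assumed stand-ins for the snmp.h types named above (so it compiles without the SDK), builds a one-entry GET list with allocations the list owns, and runs a consistency check before the free walk that appears in the stack trace (SnmpUtilVarBindListFree -> SnmpUtilVarBindFree -> SnmpUtilOidFree), so a structure that was memset to zero but still carries a count is rejected instead of handed to the heap. The ASN tag values are the SDK's, the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-ins for the Windows snmp.h types named in the issue, declared here
 * so the example compiles without the Windows SDK. Field names follow the SDK. */
typedef uint32_t UINT;
typedef int32_t  AsnInteger32;
typedef struct { UINT idLength; UINT *ids; } AsnObjectIdentifier;
typedef AsnObjectIdentifier AsnObjectName;
typedef struct {
    uint8_t asnType;                          /* BER tag; 0x00 is never a legal tag */
    union { AsnInteger32 number; } asnValue;  /* other union members omitted */
} AsnAny;
typedef AsnAny AsnObjectSyntax;
typedef struct { AsnObjectName name; AsnObjectSyntax value; } SnmpVarBind;
typedef struct { SnmpVarBind *list; UINT len; } SnmpVarBindList;

/* SDK tag values for the types a GET request can carry. */
enum { ASN_INTEGER = 0x02, ASN_OCTETSTRING = 0x04, ASN_NULL = 0x05, ASN_OBJECTIDENTIFIER = 0x06 };

static bool asn_type_is_valid(uint8_t t)
{
    switch (t) {
    case ASN_INTEGER: case ASN_OCTETSTRING: case ASN_NULL: case ASN_OBJECTIDENTIFIER:
        return true;
    default:
        return false;                         /* covers the zeroed asnType seen in the issue */
    }
}

/* Consistency check to run before handing a list to SnmpExtensionQuery or to the
 * SnmpUtil*Free helpers. A list that was memset to zero but still carries a stale
 * len, or whose entries have a zero asnType, fails here instead of reaching free(). */
bool varbindlist_is_wellformed(const SnmpVarBindList *vbl)
{
    if (vbl == NULL) return false;
    if (vbl->len == 0) return vbl->list == NULL;   /* an empty list is fine */
    if (vbl->list == NULL) return false;           /* len says N, pointer says none */
    for (UINT i = 0; i < vbl->len; i++) {
        const SnmpVarBind *vb = &vbl->list[i];
        if (vb->name.idLength == 0 || vb->name.ids == NULL) return false;
        if (!asn_type_is_valid(vb->value.asnType)) return false;
    }
    return true;
}

/* Build a one-entry GET list with every allocation owned by the list, so the
 * matching free walks only memory this function handed out. */
bool varbindlist_init_get(SnmpVarBindList *vbl, const UINT *oid, UINT oidlen)
{
    memset(vbl, 0, sizeof *vbl);
    if (oid == NULL || oidlen == 0) return false;
    vbl->list = calloc(1, sizeof *vbl->list);
    if (vbl->list == NULL) return false;
    vbl->list[0].name.ids = malloc(oidlen * sizeof *oid);
    if (vbl->list[0].name.ids == NULL) { free(vbl->list); vbl->list = NULL; return false; }
    memcpy(vbl->list[0].name.ids, oid, oidlen * sizeof *oid);
    vbl->list[0].name.idLength = oidlen;
    vbl->list[0].value.asnType = ASN_NULL;         /* GET requests carry NULL values */
    vbl->len = 1;
    return true;
}

/* Mirrors the list -> varbind -> OID free walk from the stack trace, but refuses
 * to free a list that fails the consistency check. */
bool varbindlist_free(SnmpVarBindList *vbl)
{
    if (!varbindlist_is_wellformed(vbl)) return false;
    for (UINT i = 0; i < vbl->len; i++) free(vbl->list[i].name.ids);
    free(vbl->list);
    memset(vbl, 0, sizeof *vbl);                   /* leave a well-formed empty list behind */
    return true;
}

int main(void)
{
    const UINT sys_descr[] = {1, 3, 6, 1, 2, 1, 1, 1, 0};   /* constructed sample OID */
    SnmpVarBindList good, zeroed;
    varbindlist_init_get(&good, sys_descr, 9);
    printf("built list well-formed: %d\n", varbindlist_is_wellformed(&good));
    printf("freed: %d\n", varbindlist_free(&good));

    memset(&zeroed, 0, sizeof zeroed);
    zeroed.len = 1;                                /* stale count over a zeroed structure */
    printf("zeroed list accepted for free: %d\n", varbindlist_free(&zeroed));
    return 0;
}
```

The check catches the zeroed and inconsistent cases the issue describes, but not an arbitrary non-NULL garbage pointer in `ids`, which a heap verifier like the one above is the tool for; the durable fix is the construction side, building the list from allocations it owns and keeping `len` in step with `list`.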

@xezon xezon added Bug Something is not working right Critical Severity: Minor < Major < Critical < Blocker Executable Is game code related labels Oct 7, 2021
@xezon xezon closed this as completed Oct 7, 2021
@xezon xezon reopened this Dec 21, 2021
@xezon xezon transferred this issue from TheSuperHackers/GeneralsGamePatch Feb 28, 2025
JAJames added a commit to JAJames/GeneralsGameCode that referenced this issue Mar 4, 2025
@JAJames JAJames linked a pull request Mar 4, 2025 that will close this issue
@DevGeniusCode DevGeniusCode added ZeroHour Relates to Zero Hour and removed Executable Is game code related labels Mar 4, 2025