Memory allocation is broken for NDTObjectArray
Opened this issue · 0 comments
Hey!
First of all, thanks for an amazing base. I'm currently learning reverse engineering and decided to poke at the networking of older ArmA 3 versions. Pulling out keys and parsing structs was a lot of fun :)
Right now I've got everything working smoothly: all packets are getting parsed and logged correctly, and the stock callbacks are working great too.
A couple of packets start to crash the program once I set up callbacks, however. For example, setting a callback on MessageCreateAIGroup will lead to a guaranteed crash on server join.
It always crashes while trying to write the first string of whatever object is contained in the array, in this case:
MessageCreateAIGroup -> waypoints[0] (MessageWaypoint) -> description (NDTString)
An example backtrace:
#0 0x00007f7568ecc6bd in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::operator=(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&&) () from /lib/x86_64-linux-gnu/libstdc++.so.6
#1 0x0000000000499cb0 in a3parser::decode_message_item (this=0xaf1ea0, to=0, src=0x7ffc2eed6068, format=..., msg=0x7f756000aba0 "\222\201\063F\204H\\C\277\302\353E") at src/a3parser.cpp:808
#2 0x00000000004997ff in a3parser::decode_message (this=0xaf1ea0, to=0, src=0x7ffc2eed6068, format=0x571010 <GMsgFormats+2656>, type=106, msg=0x7f756000aba0 "\222\201\063F\204H\\C\277\302\353E") at src/a3parser.cpp:430
#3 0x000000000049bb33 in a3parser::decode_message_item (this=0xaf1ea0, to=0, src=0x7ffc2eed6068, format=..., msg=0x7f7560001a60 "\002") at src/a3parser.cpp:1090
#4 0x00000000004997ff in a3parser::decode_message (this=0xaf1ea0, to=0, src=0x7ffc2eed6068, format=0x570fd0 <GMsgFormats+2592>, type=103, msg=0x7f7560001a60 "\002") at src/a3parser.cpp:430
#5 0x00000000004986ab in a3parser::process_messages (this=0xaf1ea0, src=0x7ffc2eed6068, to=0) at src/a3parser.cpp:357
#6 0x0000000000497cc0 in a3parser::parse_packet (this=0xaf1ea0, pkt=0x7f756000a830) at src/a3parser.cpp:178
#7 0x00000000004b5d65 in main (argc=2, argv=0x7ffc2eed6dd8) at src/main.cpp:138
This happens with all packets containing NDTObjectArray in any way, shape or form: it gets logged fine, but set a callback on it and everything dies.
I was planning to fix it and make a PR, but it has already eaten a lot of my personal time, so I decided to just post an issue for now; I might tackle it later :)
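The backtrace above ends in std::string's move-assignment faulting on an element of an object array, which is the signature of a std::string living in storage that was reserved (malloc/realloc or a raw byte buffer) but never had its constructor run. The following is an added example, not code from the a3parser project, and it does not claim to be the project's actual bug: `Waypoint`, `RawObjectArray` and the decode helpers are hypothetical stand-ins, and the wire strings are constructed inline. It shows the broken pattern beside two correct ones, plus a compile-time check that tells you when a type cannot simply be malloc'ed into.

```cpp
// Added example (not a3parser code): why assigning a std::string into an
// object-array slot that was never constructed crashes, and how to fix it.
#include <cassert>
#include <cstdlib>
#include <new>
#include <string>
#include <type_traits>
#include <vector>

// Hypothetical stand-in for a decoded object that owns a string field,
// like the MessageWaypoint -> description (NDTString) case in the report.
struct Waypoint {
    std::string description;
    float       position[3]{};
};

// A type whose elements may be backed by plain malloc/realloc/memcpy storage
// must be trivially copyable and trivially default-constructible; anything
// holding a std::string is not, so its storage must be constructed first.
template <typename T>
constexpr bool requires_constructed_storage() {
    return !(std::is_trivially_copyable<T>::value &&
             std::is_trivially_default_constructible<T>::value);
}
static_assert(requires_constructed_storage<Waypoint>(),
              "Waypoint holds a std::string and cannot be malloc'ed into");

// BROKEN pattern (never call this): bytes are reserved for the array, but no
// Waypoint is ever constructed in them. The first assignment runs
// std::string::operator=(std::string&&) over garbage pointer/capacity fields,
// which is undefined behaviour and on libstdc++ typically the segfault seen
// in frame #0 of the report.
void decode_into_uninitialised(const std::vector<std::string>& wire) {
    Waypoint* arr = static_cast<Waypoint*>(std::malloc(wire.size() * sizeof(Waypoint)));
    arr[0].description = std::string(wire[0]);   // UB: string internals are garbage
    std::free(arr);                               // and no destructor ever runs
}

// FIX 1: keep raw allocation, but placement-new every element before it is
// written and run destructors before freeing. Useful when the surrounding
// code insists on a malloc'ed buffer.
struct RawObjectArray {
    Waypoint*   data  = nullptr;
    std::size_t count = 0;

    explicit RawObjectArray(std::size_t n) : count(n) {
        data = static_cast<Waypoint*>(std::malloc(n * sizeof(Waypoint)));
        if (!data) throw std::bad_alloc();
        for (std::size_t i = 0; i < n; ++i) new (&data[i]) Waypoint();  // construct
    }
    ~RawObjectArray() {
        for (std::size_t i = 0; i < count; ++i) data[i].~Waypoint();    // destroy
        std::free(data);
    }
    RawObjectArray(const RawObjectArray&) = delete;             // no shallow copies
    RawObjectArray& operator=(const RawObjectArray&) = delete;
};

std::string decode_first_description_raw(const std::vector<std::string>& wire) {
    RawObjectArray arr(wire.size());
    for (std::size_t i = 0; i < wire.size(); ++i)
        arr.data[i].description = std::string(wire[i]);  // move-assign into a live object
    return arr.data[0].description;
}

// FIX 2 (preferred): let std::vector own construction, growth and destruction.
std::vector<Waypoint> decode_waypoints_vector(const std::vector<std::string>& wire) {
    std::vector<Waypoint> out(wire.size());              // every element constructed
    for (std::size_t i = 0; i < wire.size(); ++i)
        out[i].description = std::string(wire[i]);
    return out;
}

int main() {
    // Constructed sample input: two waypoint descriptions as they might be
    // decoded from the wire; not captured ArmA 3 traffic.
    const std::vector<std::string> wire = {"Move to alpha", "Hold position"};
    assert(decode_first_description_raw(wire) == "Move to alpha");
    assert(decode_waypoints_vector(wire)[1].description == "Hold position");
    return 0;
}
```

When debugging a crash like the one in the report, build with `-fsanitize=address,undefined` and break on the first write into the array: if the faulting object's storage came from malloc/realloc rather than new, new[], placement-new or a container, the constructor was skipped and the fix is one of the two patterns above.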