Memory corruption on loading into Network match #92
Description
Application Verifier is enabled with "Basics" enabled.
Crash on loading into Network match with TestAllFactions map.
ZH CD version game.dat
> game.dat!00830a89()
[Frames below may be incorrect and/or missing, no symbols loaded for game.dat]
game.dat!008302fc()
game.dat!0082f7dd()
game.dat!0081ad88()
game.dat!0081ac1c()
game.dat!00815aaa()
game.dat!00932aa9()
game.dat!00763e0b()
game.dat!008095ae()
game.dat!00740709()
game.dat!007ce807()
game.dat!007ce68d()
game.dat!004fab69()
game.dat!004fabc1()
game.dat!004fabc1()
game.dat!004fabc1()
game.dat!004fac43()
game.dat!007a964d()
game.dat!0073e78d()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!00650052()
game.dat!00650052()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!005c0032()
game.dat!005c0032()
game.dat!006e0069()
game.dat!006e0069()
EAX = 00000000 EBX = 00002248 ECX = 0E194388 EDX = 00966EE4 ESI = 0E194388 EDI = 00000000 EIP = 00830A89 ESP = 0019F828 EBP = 1A6217D8 EFL = 00210212
00830A80 sub esp,8
00830A83 push esi
00830A84 mov esi,ecx
00830A86 mov eax,dword ptr [esi+14h]
00830A89 mov ecx,dword ptr [eax] <----- crashes here: eax is 0
00830A8B push edi
00830A8C push eax
00830A8D call dword ptr [ecx+34h]
00830A90 xor edi,edi
00830A92 test eax,eax
00830A94 mov dword ptr [esi+24h],eax
00830A97 jbe 00830AD6
00830A99 push ebx
00830A9A lea ebx,[esi+68h]
00830A9D mov eax,dword ptr [esi+14h]
00830AA0 mov edx,dword ptr [eax]
...
Follow up hit after exception above:
=======================================
VERIFIER STOP 00000013: pid 0x27A4: First chance access violation for current stack trace.
00000000 : Invalid address causing the exception.
00830A89 : Code address executing the invalid access.
0019F334 : Exception record.
0019F384 : Context record.
=======================================
This verifier stop is continuable.
After debugging it use `go' to continue.
=======================================
Same but slightly different callstack when loading Skirmish with map below, then quitting to Score screen, then hitting Quit button in Scorescreen.
6p cb zh, moqqy balanced 3 plus.zip
> game.dat!00830a89()
[Frames below may be incorrect and/or missing, no symbols loaded for game.dat]
game.dat!008302fc()
game.dat!0082f7dd()
game.dat!0081ad88()
game.dat!0081ac1c()
game.dat!00815aaa()
game.dat!00932aa9()
game.dat!00763e0b()
game.dat!008095ae()
game.dat!00740709()
game.dat!004fac43()
game.dat!007a964d()
game.dat!0073e78d()
game.dat!00413c9d()
game.dat!004f9b41()
game.dat!004ad2e0()
game.dat!0040fcf4()
game.dat!00741c89()
game.dat!0040fdaa()
game.dat!00413866()
game.dat!00401c46()
verifier.dll!_AVrfpDphPostProcessing@4() + 0x1a bytes
verifier.dll!_AVrfpDphPlaceOnDelayFree@8() + 0x258 bytes
0019fbb8()
ntdll.dll!773bfe30()
ntdll.dll!7737636b()
ntdll.dll!7732288a()
vfbasics.dll!_AVrfpSRWLockFreeMemoryChecks@16() + 0xab bytes
verifier.dll!_AVrfpDphFindBusyMemoryNoCheck@8() + 0x4f bytes
6172656e()
ntdll.dll!773c05c8()
vfbasics.dll!_AVrfpFreeForOwnersTree@8() + 0x3a bytes
ntdll.dll!7737e4ac()
msvcrt.dll!754170f2()
msvcrt.dll!75436f95()
msvcrt.dll!754364f1()
msvcrt.dll!75426e3d()
msvcrt.dll!75426e23()
game.dat!008e0c57()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!00650052()
game.dat!00650052()
game.dat!006e0069()
game.dat!006e0069()
game.dat!006e0069()
game.dat!005c0032()
game.dat!005c0032()
game.dat!006e0069()
game.dat!006e0069()