mirror of
https://github.com/ValveSoftware/source-sdk-2013.git
synced 2025-01-15 00:08:08 +03:00
Client Crash: Creating bugbait at particle limit
Crash in client.dll via dangling pointer dereference when bugbait's spore particle effect is created when at the old particle system's max particle limit. SporeEffect object needed to be wrapped in CSmartPtr<>, just as the other particle objects are in the same file. CSmartPtr allows detection to check if the child particle effect was freed. Just as the other effects do. Added similar null checks missing in OnDataChanged() and AddParticles() Appears to be a simple oversight. Discovered: Played with around 50 players on server. Many throwing bugbait. Gathered crash dumps from some affected players. Test Case: Spawn around ~40 bots, bot_mimic 1, give weapon_bugbait, throw a few bugbaits to quickly induce crash
This commit is contained in:
parent
0d8dceea43
commit
b2caee3f2a
@ -950,7 +950,10 @@ void C_SporeExplosion::OnDataChanged( DataUpdateType_t updateType )
|
|||||||
m_teParticleSpawn.Init( m_flSpawnRate );
|
m_teParticleSpawn.Init( m_flSpawnRate );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( m_pSporeEffect.IsValid() )
|
||||||
|
{
|
||||||
m_pSporeEffect->SetDontRemove( m_bDontRemove );
|
m_pSporeEffect->SetDontRemove( m_bDontRemove );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
@ -981,6 +984,11 @@ void C_SporeExplosion::Start( CParticleMgr *pParticleMgr, IPrototypeArgAccess *p
|
|||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
void C_SporeExplosion::AddParticles( void )
|
void C_SporeExplosion::AddParticles( void )
|
||||||
{
|
{
|
||||||
|
if( !m_pSporeEffect )
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
//Spores
|
//Spores
|
||||||
Vector offset;
|
Vector offset;
|
||||||
Vector dir;
|
Vector dir;
|
||||||
|
@ -249,7 +249,7 @@ private:
|
|||||||
PMaterialHandle m_hMaterial;
|
PMaterialHandle m_hMaterial;
|
||||||
TimedEvent m_teParticleSpawn;
|
TimedEvent m_teParticleSpawn;
|
||||||
|
|
||||||
SporeEffect *m_pSporeEffect;
|
CSmartPtr<SporeEffect> m_pSporeEffect;
|
||||||
CParticleMgr *m_pParticleMgr;
|
CParticleMgr *m_pParticleMgr;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -950,7 +950,10 @@ void C_SporeExplosion::OnDataChanged( DataUpdateType_t updateType )
|
|||||||
m_teParticleSpawn.Init( m_flSpawnRate );
|
m_teParticleSpawn.Init( m_flSpawnRate );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( m_pSporeEffect.IsValid() )
|
||||||
|
{
|
||||||
m_pSporeEffect->SetDontRemove( m_bDontRemove );
|
m_pSporeEffect->SetDontRemove( m_bDontRemove );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
@ -981,6 +984,11 @@ void C_SporeExplosion::Start( CParticleMgr *pParticleMgr, IPrototypeArgAccess *p
|
|||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
void C_SporeExplosion::AddParticles( void )
|
void C_SporeExplosion::AddParticles( void )
|
||||||
{
|
{
|
||||||
|
if( !m_pSporeEffect )
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
//Spores
|
//Spores
|
||||||
Vector offset;
|
Vector offset;
|
||||||
Vector dir;
|
Vector dir;
|
||||||
|
@ -249,7 +249,7 @@ private:
|
|||||||
PMaterialHandle m_hMaterial;
|
PMaterialHandle m_hMaterial;
|
||||||
TimedEvent m_teParticleSpawn;
|
TimedEvent m_teParticleSpawn;
|
||||||
|
|
||||||
SporeEffect *m_pSporeEffect;
|
CSmartPtr<SporeEffect> m_pSporeEffect;
|
||||||
CParticleMgr *m_pParticleMgr;
|
CParticleMgr *m_pParticleMgr;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user