View Issue Details

ID: 0008129
Project: Multi Theft Auto : San Andreas
Category: Client
View Status: public
Last Update: 2014-05-24 00:25
Reporter: Tosfera
Assigned To: sbx320
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Target Version: 1.4
Summary: 0008129: Replacing a specific weaponmodel will crash your client
Description

So, while I'm replacing a specific model ( parachute: 371 ) my client crashes. The model isn't corrupt because if I replace it on another weapon ( let's say M4 ) it does work. Every single model I'm trying to replace on the parachute will crash my client. Not only my client, but also the client of all the players.

Steps To Reproduce

Add a simple parachute model to your meta, and use the following code;

txd = engineLoadTXD ( "bag.txd" );
engineImportTXD ( txd, 371 );
dff = engineLoadDFF ( "bag.dff", 0 );
engineReplaceModel ( dff, 371 );

Whenever you start the script or join the server when the script is running, your client will crash.

Additional Information

Crash error:

Version = 1.3.5-release-6162.3.000
Time = Sun Mar 30 12:42:24 2014
Module = G:\games\GTA - San Andreas\gta_sa.exe
Code = 0xC0000005
Offset = 0x001371AC

EAX=00749100 EBX=0028F2B8 ECX=00000000 EDX=D9DF1DC8 ESI=1EC75880
EDI=00000000 EBP=0497E500 ESP=0028F24C EIP=005371AC FLG=00210246
CS=0023 DS=002B SS=002B ES=002B FS=0053 GS=002B

Tags: No tags attached.

Relationships

duplicate of 0006608 (resolved, sbx320), Multi Theft Auto : San Andreas: Custom melee weapons crash the game
has duplicate 0006731 (closed): New issues replacing the weapons
has duplicate 0006868 (resolved, sbx320), Multi Theft Auto : San Andreas: engineReplaceModel not works with some models

Activities

einheit-101

2014-03-30 13:04

reporter   ~~0020502

I can confirm this issue. Replacing parachute does crash the Client immediately.

Dutchman101

2014-03-30 13:56

updater   ~~0020504

Last edited: 2014-03-30 13:57

Attach crashdump from dumps/priv
btw, same crash: https://forum.mtasa.com/viewtopic.php?f=91&t=54436

Dutchman101

2014-03-30 14:07

updater   ~~0020505

Btw, very old crash... also on 1.3:

Version = 1.3-release-3916.0.000
Time = Thu Apr 05 12:22:01 2012
Module = C:\Program Files\Rockstar Games\GTA San Andreas\gta_sa.exe
Code = 0xC0000005
Offset = 0x001371AC

EAX=00749100 EBX=0028F30C ECX=00000000 EDX=DFEEBD10 ESI=20381388
EDI=00000000 EBP=05113F50 ESP=0028F2A4 EIP=005371AC FLG=00010246
CS=0023 DS=002B SS=002B ES=002B FS=0053 GS=002B

Tosfera

2014-03-30 14:09

viewer   ~~0020506

Might be old, but it is in my way right now. I've had the problem before but found a workaround ( just not replacing it ).

Dutchman101

2014-03-30 14:12

updater   ~~0020507

Tosfera, attach a priv crashdump so I can analyze it quickly then.

Tosfera

2014-03-30 14:22

viewer   ~~0020508

I can't attach it anymore, I'd upload it for you on my webhost; http://goo.gl/bDvG6h ( made it shorter to avoid advertisement :) )

Dutchman101

2014-03-30 15:08

updater   ~~0020510

APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL
APPLICATION_FAULT_NULL_POINTER_READ_BEFORE_CALL_DETOURED_gta_sa+1371ac

gta_sa+1371ac
005371ac 8b17 mov edx,dword ptr [edi]
FAULTING_THREAD: 00001b44

CreateVertexDecl fail: hr:80004005 [0,0,14,0,0,0]
CreateVertexDecl
CreateVertexDecl fail: hr:80004005 [0,0,13,0,0,0]
CreateVertexDecl
CreateVertexDecl fail: hr:80004005 [0,0,12,0,0,0]
CreateVertexDecl
CreateVertexDecl fail: hr:80004005 [0,0,11,0,0,0]4

DirectSound Administrator shared thread array (lock)

Devs, full dumptrace: http://pastebin.com/FtMnNWfB

Why all this effort.. I also want this crash fixed :)

ccw

2014-04-02 02:28

administrator   ~~0020540

Could be due to the new model not having the same layout as the original.

Grafu

2014-04-02 06:44

viewer   ~~0020541

I believe this would even happen, if you tried replacing specific ID models with their own .dff and .txd

arranTuna

2014-04-08 17:38

manager   ~~0020618

I've experienced this a long time ago too but someone should upload a test resource that reproduces the crash.

Tosfera

2014-05-15 10:41

viewer   ~~0020890

Last edited: 2014-05-15 11:13

I've written a quick example of the replacement of a backpack, you can find it at my dropbox on the following link. The resource includes the model;

https://dl.dropboxusercontent.com/u/50693175/backpack-replace.zip

"Could be due to the new model not having the same layout as the original.",
You can replace a box with a tree, so why would it matter at this object? :o

arranTuna

2014-05-15 13:23

manager   ~~0020894

Last edited: 2014-05-15 13:23

A tree is not a weapon though. Weapons are much more complex than a static object and how is a backpack a weapon model? Oh you mean parachute?

qaisjp

2014-05-15 17:35

administrator   ~~0020901

ArranTuna, I think he's changing the parachute model to a backpack model. I'm sure he doesn't have the parachute resource running.

Tosfera

2014-05-15 20:04

viewer   ~~0020902

The parachute resource is a default resource which is running, and I am replacing the parachute with another model. ^^

Dutchman101

2014-05-16 19:55

updater   ~~0020906

@ tosfera, that test resource doesn't work nor does it replace models/crash

arranTuna

2014-05-16 20:04

manager   ~~0020907

Last edited: 2014-05-17 18:44

addEventHandler ( "onClientResourceStart", root,
fuction ()

First of all that should be resourceRoot not root.

Second of all it fails to load because of "fuction" instead of "function"

Edit: Even with those script fixes, it still doesn't work, the parachute is no different to the default one with your resource running.

Edit: Which means we need another test resource for this crash.

Tosfera

2014-05-18 18:43

viewer   ~~0020912

Last edited: 2014-05-18 18:47

I'm sorry, I quite messed up there... You were right Arran, there were some typos and it isn't getting replaced because of the wrong ID given at the replacement of the model. The right ID that had to be replaced was 371, an updated version can be found here;

https://dl.dropboxusercontent.com/u/50693175/backpack-replace%20v2.zip

edit; tried to replace another 'weapon' ( tested ID 326, 'Cane' ) which also crashed my client. So I think it'll be what ccw said;

"Could be due to the new model not having the same layout as the original."

Dutchman101

2014-05-20 14:26

updater   ~~0020917

Last edited: 2014-05-20 14:35

If needed here's a relevant crashdump: https://mega.co.nz/#!oN0TzRib!MMwaYGbdr3GNSKkCAWD-MVLD2XEGVzX8nIoYPwtrYM4
(reproduced with the test resource, and only an MTA session to do so, means the dump isn't that huge and only contains info about the crash event)

dump contents: http://pastebin.com/H2VtN5ut

crashes on offset 0x001371AC (try googling it)

If this crash won't get fixed it might become a problem for future model modding, (one of the most basic things)
please look into it....

einheit-101

2014-05-20 17:47

reporter   ~~0020918

It would be better to fix the custom-vehicle dummy misplacement and other vehicle related issues.

sbx320

2014-05-20 19:34

administrator   ~~0020920

This doesn't appear to be caused by a bad format of the dff, since even replacing a model with the original SA one crashes the game at the exact offset.

After investigating a bit further it appears that ARRAY_ModelInfo[371] is a CWeaponModelInfoSAInterface*. CWeaponModelInfoSAInterface->AsAtomicModelInfoPtr() returns NULL.

In CFileLoader::SetRelatedModelInfoCB (0x537150) the following code is executed (transcribed into C++):
edi = ARRAY_ModelInfo[AtomicsReplacerModelID]->AsAtomicModelInfoPtr();

This results in edi containing a NULL pointer, instead of a CAtomicModelInfoSAInterface*. This NULL pointer is then used, resulting in the crash.

Going up the callstack of MTA the following comparison can be found:
else if ( ( m_dwModelID >= 331 && m_dwModelID <= 369 ) || m_dwModelID == 372 )
{
    // We are a weapon.
    pGame->GetRenderWare ()->ReplaceWeaponModel ( pClump, static_cast < unsigned short > ( m_dwModelID ) );
}
This check does not include all weapon ids, and thus the model 371 (and also all melee weapons) is misinterpreted to be not a weapon.

Fixed in https://code.google.com/p/mtasa-blue/source/detail?r=6439
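
The failure mode analysed in the note above, as an added C++ illustration (not MTA or GTA code, and not the change made in r6439): classifying a model by ID range sends a weapon-type object down the atomic path, where the downcast returns NULL, while classifying by asking the object and checking the cast does not. The class and function names and the ID 3000 are assumptions; the IDs 326, 331, 371 and 372 and the range test come from this report.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the game's model-info classes; all names are assumptions.
struct AtomicInfo;
struct ModelInfo {
    virtual ~ModelInfo() = default;
    virtual AtomicInfo* AsAtomic() { return nullptr; }  // non-atomic types return NULL
    virtual bool IsWeapon() const { return false; }
};
struct AtomicInfo : ModelInfo { AtomicInfo* AsAtomic() override { return this; } };
struct WeaponInfo : ModelInfo { bool IsWeapon() const override { return true; } };

enum class Path { Weapon, Atomic, NullDeref, Rejected };

// 'Before': classify by the ID range quoted in the note, then use the cast unchecked.
Path ReplaceByRange(ModelInfo& info, unsigned id) {
    if ((id >= 331 && id <= 369) || id == 372) return Path::Weapon;
    // The game reads through this pointer straight away (mov edx,[edi]);
    // this sketch reports the NULL instead of dereferencing it.
    return info.AsAtomic() ? Path::Atomic : Path::NullDeref;
}

// 'After': ask the object what it is, and refuse anything that is not atomic.
Path ReplaceByType(ModelInfo& info) {
    if (info.IsWeapon()) return Path::Weapon;
    return info.AsAtomic() ? Path::Atomic : Path::Rejected;
}

int main() {
    WeaponInfo weapon;   // what the report says sits behind IDs such as 371 and 326
    AtomicInfo object;   // a plain object model
    const unsigned weaponIds[] = {326, 331, 371, 372};  // IDs named in this report
    for (unsigned id : weaponIds)
        std::printf("%u: by range=%d, by type=%d\n", id,
                    static_cast<int>(ReplaceByRange(weapon, id)),
                    static_cast<int>(ReplaceByType(weapon)));
    // 3000 is a constructed, non-weapon ID used only for this example.
    std::printf("3000: by range=%d, by type=%d\n",
                static_cast<int>(ReplaceByRange(object, 3000)),
                static_cast<int>(ReplaceByType(object)));
    return 0;
}
```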
