Skip to content

bugfix(contain): Prevent objects from being added to destroyed container object #2746

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Caball009 wants to merge 6 commits into
base: main
Choose a base branch
from
+38 −4
Open

bugfix(contain): Prevent objects from being added to destroyed container object #2746

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
bb5b0a2
Made hidden drawables visible.
Caball009 May 26, 2026
0844fa1
Added logic to prevent occupant from entering a destroyed container o…
Caball009 May 26, 2026
ee3475d
Added code to prevent the creation of the payload.
Caball009 May 26, 2026
735d827
Added debug assertions for destroyed container objects.
Caball009 May 26, 2026
6544358
Tweaked TSH comments.
Caball009 May 26, 2026
9ad33a2
Moved call to 'Drawable::setDrawableHidden'.
Caball009 May 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
29 changes: 26 additions & 3 deletions GeneralsMD/Code/GameEngine/Source/GameLogic/Object/Contain/OpenContain.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -247,9 +247,17 @@ void OpenContain::addOrRemoveObjFromWorld(Object* obj, Bool add)
// remove rider from partition manager
ThePartitionManager->unRegisterObject( obj );

// hide the drawable associated with rider
if( obj->getDrawable() )
obj->getDrawable()->setDrawableHidden( true );
if (Drawable* drawable = obj->getDrawable())
{
#if RETAIL_COMPATIBLE_CRC
// TheSuperHackers @tweak This shouldn't happen but don't make the occupant invisible if it does.
if (!(getObject()->isEffectivelyDead() || getObject()->isDestroyed()))
#endif
{
// hide the drawable associated with rider
drawable->setDrawableHidden(true);
}
}

// remove object from pathfind map
TheAI->pathfinder()->removeObjectFromPathfindMap( obj );
Expand Down Expand Up @@ -292,11 +300,26 @@ void OpenContain::addToContain( Object *rider )
if( rider == nullptr )
return;

#if !RETAIL_COMPATIBLE_CRC
// TheSuperHackers @bugfix Caball009 25/05/2026 Ensure the occupant is only added to a non-destroyed
// container to avoid an invalid state and use-after-free bugs when accessing the contained by pointer.
Copy link
Copy Markdown

@xezon xezon May 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

contained == containee (rider) or container?

Copy link
Copy Markdown
Author

@Caball009 Caball009 May 27, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Object* m_containedBy ?

Copy link
Copy Markdown

@xezon xezon May 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

containedBy refers to the container.

Copy link
Copy Markdown
Author

@Caball009 Caball009 May 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure what you're asking then.

Copy link
Copy Markdown

@xezon xezon May 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh ok I did not realize "contained by" refers to "m_containedBy".

if (getObject()->isDestroyed())
{
DEBUG_CRASH(("'%s' is about to be added to '%s', which is destroyed",
rider->getTemplate()->getName().str(), getObject()->getTemplate()->getName().str()));
return;
}
#endif

// TheSuperHackers @bugfix Stubbjax 06/02/2026 Ensure the rider is not destroyed to prevent a
// likely crash if it enters the container on the same frame. If this occurs with an unpatched
// client present in a match, the game has a small chance to mismatch.
if (rider->isDestroyed())
{
DEBUG_CRASH(("'%s', which is destroyed, is about to be added to '%s'",
rider->getTemplate()->getName().str(), getObject()->getTemplate()->getName().str()));
return;
}

Drawable *riderDraw = rider->getDrawable();
Bool wasSelected = FALSE;
Expand Down
13 changes: 12 additions & 1 deletion GeneralsMD/Code/GameEngine/Source/GameLogic/Object/Contain/TransportContain.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -469,8 +469,19 @@ UpdateSleepTime TransportContain::update()
{
const TransportContainModuleData *moduleData = getTransportContainModuleData();

if( m_payloadCreated == FALSE )
if (m_payloadCreated == FALSE)
{
#if RETAIL_COMPATIBLE_CRC
createPayload();
#else
// TheSuperHackers @bugfix Caball009 25/05/2026 Don't create payload
// for destroyed object to avoid leaving the payload in an invalid state.
if (!getObject()->isDestroyed())
{
createPayload();
}
#endif
}

if( moduleData && moduleData->m_healthRegen )
{
Expand Down
Loading