Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access violation in il2cpp::vm::String::New when SteamMatchmakingServers__RequestInternetServerList was creating a KeyValuePair #658

Open
andefoo opened this issue Jun 1, 2022 · 4 comments
Open

Access violation in il2cpp::vm::String::New when SteamMatchmakingServers__RequestInternetServerList was creating a KeyValuePair #658

andefoo opened this issue Jun 1, 2022 · 4 comments
Assignees
@garrynewman

Comments

@andefoo
Copy link

andefoo commented Jun 1, 2022

Describe the bug

One player managed to crash the game by querying servers in the host list (having refreshed the list several times). I have not managed to reproduce it, but I got the dump file and according to it, the game crashed in il2cpp::vm::String::New when creating a MatchmakingKeyValuePair.

Not sure if this is a Unity, IL2CPP, Steam or Facepunch.Steamworks bug. Any ideas?

Crash text and relevant part of the callstack:

Unhandled exception at 0x00007FFCEE28EC13 (GameAssembly.dll) in crash.dmp: 0xC0000005: Access violation reading location 0x000002219D1AF030.

>	[Inline Frame] GameAssembly.dll!il2cpp::vm::String::New(const char *) Line 67	C++
 	GameAssembly.dll!il2cpp::vm::String::NewWrapper(const char * str) Line 67	C++
 	GameAssembly.dll!MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back(const MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke & marshaled, MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D & unmarshaled) Line 47729	C++
 	[Inline Frame] GameAssembly.dll!ISteamMatchmakingServers__RequestInternetServerList_mB116BC92C67CDEB82DC447223B4727E9DB6642D0(__int64) Line 35035	C++
 	GameAssembly.dll!ISteamMatchmakingServers_RequestInternetServerList_mBB536A0F87AE80529C48BBCD9C450C41B4621723(ISteamMatchmakingServers_tEBD49134A036D782F07303D6B403D47F655D3D6D * __this, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 ___iApp0, MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90 * * ___ppchFilters1, unsigned int ___nFilters2, __int64 ___pRequestServersResponse3, const MethodInfo * method) Line 35055	C++
 	GameAssembly.dll!Internet_LaunchQuery_m848F6B10086353E066D2100AE8C90C4E5FE120DC(Internet_t011FB46D657310808041BA12FE13FDF50520FCBC * __this, const MethodInfo * method) Line 25743	C++
 	[Inline Frame] GameAssembly.dll!VirtualActionInvoker0::Invoke(unsigned short) Line 21	C++
 	GameAssembly.dll!U3CRunQueryAsyncU3Ed__15_MoveNext_m2CFAF729919431B335B5A89F64E374E565884F5A(U3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88 * __this, const MethodInfo * method) Line 25311	C++
 	GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88_m61933FB9BF4F6D865989EC4A98D1C0E2B9B3DD50_gshared(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA * __this, U3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88 * ___stateMachine0, const MethodInfo * method) Line 26357	C++
 	[Inline Frame] GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88_m61933FB9BF4F6D865989EC4A98D1C0E2B9B3DD50(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA *) Line 12192	C++
 	GameAssembly.dll!Base_RunQueryAsync_m128987642D6496C3296C7ED34681BE42AEF362F4(Base_t45A3FFADC3D667A671180E3584B591274F70041E * __this, float ___timeoutSeconds0, const MethodInfo * method) Line 24777	C++
 	[Inline Frame] GameAssembly.dll!VirtualFuncInvoker1<Task_1_t824317F4B958F7512E8F7300511752937A6C6043 *,float>::Invoke(unsigned short) Line 65	C++
 	GameAssembly.dll!U3CGetDedicatedServersAsyncU3Ed__6_MoveNext_m0994133333BA06FBCB7921FEE42D365C53AA9046(U3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495 * __this, const MethodInfo * method) Line 30850	C++
 	GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495_m011D93298A4A86284BEA9D63DA66FAC2F9F35FEF_gshared(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA * __this, U3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495 * ___stateMachine0, const MethodInfo * method) Line 26729	C++
 	[Inline Frame] GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495_m011D93298A4A86284BEA9D63DA66FAC2F9F35FEF(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA *) Line 8906	C++
 	[Inline Frame] GameAssembly.dll!GetHostsRequest_GetDedicatedServersAsync_m22BCBDA7FBA5C05E318925F343A7AB5F4BB2F74E(GetHostsRequest_t67128180039BAAA7F0FA3B38EBFA333F6152D299 *) Line 29950	C++
 	GameAssembly.dll!U3CPerformAsyncU3Ed__4_MoveNext_mB8EB1CBDBCA47587426EB54B0E7F0FCD82858CA4(U3CPerformAsyncU3Ed__4_t50B85533661B9017B12CD0CBBEB33A7DD09EE551 * __this, const MethodInfo * method) Line 30050	C++
 	GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CPerformAsyncU3Ed__4_t50B85533661B9017B12CD0CBBEB33A7DD09EE551_mFEBD0041FC1426820DA4431F5ADD7F58624DCF5D_gshared(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA * __this, U3CPerformAsyncU3Ed__4_t50B85533661B9017B12CD0CBBEB33A7DD09EE551 * ___stateMachine0, const MethodInfo * method) Line 26853	C++
 	[Inline Frame] GameAssembly.dll!AsyncTaskMethodBuilder_1_Start_TisU3CPerformAsyncU3Ed__4_t50B85533661B9017B12CD0CBBEB33A7DD09EE551_mFEBD0041FC1426820DA4431F5ADD7F58624DCF5D(AsyncTaskMethodBuilder_1_t651E7BA5C7209C40335555F361280911CF711AAA *) Line 8896	C++
 	GameAssembly.dll!GetHostsRequest_PerformAsync_mBC427268574561673930C4EFFCB377EECE708607(GetHostsRequest_t67128180039BAAA7F0FA3B38EBFA333F6152D299 * __this, const MethodInfo * method) Line 29879	C++

To Reproduce
Query for the server list several times. There were around 9 servers in the list when this happened. Couldn't be reproduced so this is probably something rare.

Calling Code

using (var list = new Steamworks.ServerList.Internet())
{
    bool result = await list.RunQueryAsync(timeoutSeconds: 10.0f);
    // ...
}

Expected behavior
No crashing ever.

Desktop (please complete the following information):

  • OS: Windows 10
  • Unity: 2021.3.0f
@andefoo
Copy link
Author

andefoo commented Dec 14, 2022

@garrynewman any idea what could possibly cause this or what could be tried as a workaround? This seems to be a very rare issue but still sometimes happens, and with the same callstack as above.

The only key value pair array for filter should be empty as no AddFilter is called. Still, marshalling it sometimes crashes as if filters reference had become garbage. But I don't know why that would happen and the same pattern is used elsewhere, too. Related Facepunch code below:

	public class Internet : Base
	{
		internal override void LaunchQuery()
		{
			var filters = GetFilters(); 

			request = Internal.RequestInternetServerList( AppId.Value, ref filters, (uint)filters.Length, IntPtr.Zero );
		}
	}

@andefoo
Copy link
Author

andefoo commented Apr 9, 2023

This hadn't happened in a while and I was hoping it to have been fixed, but no, still happening here:

0x00007FF9ED30BFC3 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\String.cpp:68] il2cpp::vm::String::NewWrapper 
0x00007FF9ED1336F7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:49185]

String.cpp:

    Il2CppString* String::New(const char* str)
    {
        return NewLen(str, (uint32_t)strlen(str));             // This is line 68
    }

Facepunch.Steamworks.Win643.cpp:

MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back(const MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke& marshaled, MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D& unmarshaled)
{
	unmarshaled.___Key_0 = il2cpp_codegen_marshal_string_result(marshaled.___Key_0);
	Il2CppCodeGenWriteBarrier((void**)(&unmarshaled.___Key_0), (void*)il2cpp_codegen_marshal_string_result(marshaled.___Key_0));
	unmarshaled.___Value_1 = il2cpp_codegen_marshal_string_result(marshaled.___Value_1);
	Il2CppCodeGenWriteBarrier((void**)(&unmarshaled.___Value_1), (void*)il2cpp_codegen_marshal_string_result(marshaled.___Value_1));         // This is line 49185
}

Full call stack:

0x00007FF9ED30BFC3 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\String.cpp:68] il2cpp::vm::String::NewWrapper 
0x00007FF9ED1336F7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:49185] MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back 
0x00007FF9ED6B5F2D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:36037] ISteamMatchmakingServers_RequestInternetServerList_mBB536A0F87AE80529C48BBCD9C450C41B4621723 
0x00007FF9ED724C69 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:27198] Internet_LaunchQuery_m848F6B10086353E066D2100AE8C90C4E5FE120DC 
0x00007FF9ED7377A7 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:26761] U3CRunQueryAsyncU3Ed__15_MoveNext_m2CFAF729919431B335B5A89F64E374E565884F5A 
0x00007FF9ED7531C4 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\GenericMethods.cpp:28409] AsyncTaskMethodBuilder_1_Start_TisU3CRunQueryAsyncU3Ed__15_tB5C649B48401671D7114B2292072DFBE4F3F4F88_m61933FB9BF4F6D865989EC4A98D1C0E2B9B3DD50_gshared 
0x00007FF9ED71CB35 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win643.cpp:26224] Base_RunQueryAsync_m128987642D6496C3296C7ED34681BE42AEF362F4 
0x00007FF9EEC73073 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:24466] U3CGetDedicatedServersAsyncU3Ed__6_MoveNext_m0994133333BA06FBCB7921FEE42D365C53AA9046 
0x00007FF9ED74FA44 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\GenericMethods.cpp:28905] AsyncTaskMethodBuilder_1_Start_TisU3CGetDedicatedServersAsyncU3Ed__6_tBFBA1C438A6E734AB9479ABE9D1B947FFB25C495_m011D93298A4A86284BEA9D63DA66FAC2F9F35FEF_gshared 
0x00007FF9EEC61815 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:23449] GetHostsRequest_GetDedicatedServersAsync_m22BCBDA7FBA5C05E318925F343A7AB5F4BB2F74E 
0x00007FF9EEC74DD3 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:23761] U3CPerformAsyncU3Ed__4_MoveNext_mB8EB1CBDBCA47587426EB54B0E7F0FCD82858CA4 
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94 
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE 
0x00007FF9EE1A7599 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:27341] AwaitTaskContinuation_RunCallback_m37C4A227BA403A3D28CC94369A8770F1C16AE4E5 
0x00007FF9EE1AE83B (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:26619] SynchronizationContextAwaitTaskContinuation_Run_mE56D2F76E570D6E0DA92816F6121B3F478219B7D 
0x00007FF9EE1B444D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:23804] Task_FinishContinuations_m21B540B556CDABD76F5985DF83079F7F30C78174 
0x00007FF9EDE1C332 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics78.cpp:23887] Task_1_TrySetResult_m7D96FFF8B6137018F187CB09D8E3E2B9F85DAC53_gshared 
0x00007FF9EDEF38CE (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics9.cpp:10358] AsyncTaskMethodBuilder_1_SetResult_mF21C48FC9CEC24F4E9C5975C54F87BE9CA179046_gshared 
0x00007FF9EEC73824 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS53.cpp:24317] U3CGetLobbiesAsyncU3Ed__5_MoveNext_m65EF7A0F26851594125A0696C8D7168242FA6938 
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94 
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE 
0x00007FF9EE1A7599 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:27341] AwaitTaskContinuation_RunCallback_m37C4A227BA403A3D28CC94369A8770F1C16AE4E5 
0x00007FF9EE1AE83B (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:26619] SynchronizationContextAwaitTaskContinuation_Run_mE56D2F76E570D6E0DA92816F6121B3F478219B7D 
0x00007FF9EE1B444D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib9.cpp:23804] Task_FinishContinuations_m21B540B556CDABD76F5985DF83079F7F30C78174 
0x00007FF9EDE1BC2F (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics78.cpp:26975] Task_1_TrySetResult_m2EE766FD3F76F4824990F4A93ED1F7253ECE014C_gshared 
0x00007FF9EDEF187D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Generics9.cpp:14116] AsyncTaskMethodBuilder_1_SetResult_m0D83195F995F9825D7A6DCDC3835D6917C43B5A6_gshared 
0x00007FF9ED745247 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win644.cpp:17194] U3CRequestAsyncU3Ed__19_MoveNext_m03AA839765DF8412A0CC5256023D27B3CC85F765 
0x00007FF9EE197536 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib8.cpp:30239] ExecutionContext_RunInternal_mC37E85D6FC972DF219A00FE1EE34329D1D63CC94 
0x00007FF9EE029EB8 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\mscorlib17.cpp:22706] MoveNextRunner_Run_m86395F123FB453F2B5FF89CE1E98532F7426F9DE 
0x00007FF9ED69276D (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:13323] Dispatch_ProcessCallback_mADD5C771D9678A60B3760EE6EFE8BA8287BD632A 
0x00007FF9ED691EBF (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\Facepunch.Steamworks.Win64.cpp:13162] Dispatch_Frame_mAEB48A70CF634EB0BD3FC42A1FB7F79A767F32D1 
0x00007FF9EE9F6878 (GameAssembly) [C:\p\ts_build\Library\Bee\artifacts\WinPlayerBuildProgram\il2cppOutput\cpp\TS31.cpp:18245] ApplicationManager_Update_m501EBD2AE6A0AD79A886EC5C9C7F01A91994B324 
0x00007FF9ED332216 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\Runtime.cpp:568] il2cpp::vm::Runtime::InvokeWithThrow 
0x00007FF9ED331CC9 (GameAssembly) [C:\Program Files\Unity\Hub\Editor\2021.3.16f1\Editor\Data\il2cpp\libil2cpp\vm\Runtime.cpp:553] il2cpp::vm::Runtime::Invoke

@andefoo
Copy link
Author

andefoo commented Apr 10, 2023

I opened the dump with VS and managed to get some extra info.

When MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back is called, its parameter "marshalled" is already non-null garbage.

Could it be this is some IL2CPP or marshalling bug related to marshalling empty arrays of structs?

When this is called, ___1_ppchFilters is a non-null pointer (can't see the length but assuming it is 0):

// Steamworks.Data.HServerListRequest Steamworks.ISteamMatchmakingServers::RequestInternetServerList(Steamworks.AppId,Steamworks.Data.MatchMakingKeyValuePair[]&,System.UInt32,System.IntPtr)
IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 ISteamMatchmakingServers_RequestInternetServerList_mBB536A0F87AE80529C48BBCD9C450C41B4621723 (ISteamMatchmakingServers_tEBD49134A036D782F07303D6B403D47F655D3D6D* __this, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 ___0_iApp, MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** ___1_ppchFilters, uint32_t ___2_nFilters, intptr_t ___3_pRequestServersResponse, const RuntimeMethod* method) 
{
	{
		// var returnValue = _RequestInternetServerList( Self, iApp, ref ppchFilters, nFilters, pRequestServersResponse );
		intptr_t L_0 = ((SteamInterface_tD1E595D0A00371EA21179642B0137AA043827838*)__this)->___Self_0;
		AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 L_1 = ___0_iApp;
		MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** L_2 = ___1_ppchFilters;
		uint32_t L_3 = ___2_nFilters;
		intptr_t L_4 = ___3_pRequestServersResponse;
		HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 L_5;
		L_5 = ISteamMatchmakingServers__RequestInternetServerList_m884D03C2576B8E9B4D88DD18247D0E89EA5E6352(L_0, L_1, L_2, L_3, L_4, NULL);
		// return returnValue;
		return L_5;
	}
}

The next function is quite unreadable, but something goes wrong and it thinks the length of the array is more than 0 since it calls MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back in the end and crashes.

// Steamworks.Data.HServerListRequest Steamworks.ISteamMatchmakingServers::_RequestInternetServerList(System.IntPtr,Steamworks.AppId,Steamworks.Data.MatchMakingKeyValuePair[]&,System.UInt32,System.IntPtr)
IL2CPP_EXTERN_C IL2CPP_METHOD_ATTR HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 ISteamMatchmakingServers__RequestInternetServerList_m884D03C2576B8E9B4D88DD18247D0E89EA5E6352 (intptr_t ___0_self, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101 ___1_iApp, MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90** ___2_ppchFilters, uint32_t ___3_nFilters, intptr_t ___4_pRequestServersResponse, const RuntimeMethod* method) 
{
	static bool s_Il2CppMethodInitialized;
	if (!s_Il2CppMethodInitialized)
	{
		il2cpp_codegen_initialize_runtime_metadata((uintptr_t*)&MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90_il2cpp_TypeInfo_var);
		s_Il2CppMethodInitialized = true;
	}


	typedef HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 (CDECL *PInvokeFunc) (intptr_t, AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101, MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke**, uint32_t, intptr_t);
	#if !FORCE_PINVOKE_INTERNAL && !FORCE_PINVOKE_steam_api64_INTERNAL
	static PInvokeFunc il2cppPInvokeFunc;
	if (il2cppPInvokeFunc == NULL)
	{
		int parameterSize = sizeof(intptr_t) + sizeof(AppId_tBB9174ED68D7F074002CF2803CA358603C6E6101) + sizeof(MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke**) + sizeof(uint32_t) + sizeof(intptr_t);
		il2cppPInvokeFunc = il2cpp_codegen_resolve_pinvoke<PInvokeFunc>(IL2CPP_NATIVE_STRING("steam_api64"), "SteamAPI_ISteamMatchmakingServers_RequestInternetServerList", IL2CPP_CALL_C, CHARSET_NOT_SPECIFIED, parameterSize, false);
		IL2CPP_ASSERT(il2cppPInvokeFunc != NULL);
	}
	#endif

	// Marshaling of parameter '___2_ppchFilters' to native representation
	MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke** ____2_ppchFilters_marshaled = NULL;
	MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke* ____2_ppchFilters_marshaled_dereferenced = NULL;
	if (*___2_ppchFilters != NULL)
	{
		il2cpp_array_size_t ____2_ppchFilters_Length = (*___2_ppchFilters)->max_length;
		____2_ppchFilters_marshaled_dereferenced = il2cpp_codegen_marshal_allocate_array<MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshaled_pinvoke>(____2_ppchFilters_Length);
		for (int32_t i = 0; i < ARRAY_LENGTH_AS_INT32(____2_ppchFilters_Length); i++)
		{
			MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke((*___2_ppchFilters)->GetAtUnchecked(static_cast<il2cpp_array_size_t>(i)), (____2_ppchFilters_marshaled_dereferenced)[i]);
		}
	}
	else
	{
		____2_ppchFilters_marshaled_dereferenced = NULL;
	}
	____2_ppchFilters_marshaled = &____2_ppchFilters_marshaled_dereferenced;

	// Native function invocation
	#if FORCE_PINVOKE_INTERNAL || FORCE_PINVOKE_steam_api64_INTERNAL
	HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 returnValue = reinterpret_cast<PInvokeFunc>(SteamAPI_ISteamMatchmakingServers_RequestInternetServerList)(___0_self, ___1_iApp, ____2_ppchFilters_marshaled, ___3_nFilters, ___4_pRequestServersResponse);
	#else
	HServerListRequest_t9E49778C7935F697113920E97DD0DE7DC3CA2F51 returnValue = il2cppPInvokeFunc(___0_self, ___1_iApp, ____2_ppchFilters_marshaled, ___3_nFilters, ___4_pRequestServersResponse);
	#endif

	// Marshaling of parameter '___2_ppchFilters' back from native representation
	MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90* _____2_ppchFilters_marshaled_unmarshaled_dereferenced = NULL;
	if (*____2_ppchFilters_marshaled != NULL)
	{
		if (_____2_ppchFilters_marshaled_unmarshaled_dereferenced == NULL)
		{
			_____2_ppchFilters_marshaled_unmarshaled_dereferenced = reinterpret_cast<MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90*>((MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90*)SZArrayNew(MatchMakingKeyValuePairU5BU5D_t26C117096D31B62DBB9E07C303A000445C028A90_il2cpp_TypeInfo_var, 1));
		}
		il2cpp_array_size_t _arrayLength = (_____2_ppchFilters_marshaled_unmarshaled_dereferenced)->max_length;
		for (int32_t i = 0; i < ARRAY_LENGTH_AS_INT32(_arrayLength); i++)
		{
			MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D _____2_ppchFilters_marshaled_i__unmarshaled;
			memset((&_____2_ppchFilters_marshaled_i__unmarshaled), 0, sizeof(_____2_ppchFilters_marshaled_i__unmarshaled));
			MatchMakingKeyValuePair_t6F5741A605188A958AF99938D200629244FAD16D_marshal_pinvoke_back((*____2_ppchFilters_marshaled)[i], _____2_ppchFilters_marshaled_i__unmarshaled);  // This gets called and crashes
			(_____2_ppchFilters_marshaled_unmarshaled_dereferenced)->SetAtUnchecked(static_cast<il2cpp_array_size_t>(i), _____2_ppchFilters_marshaled_i__unmarshaled);
		}
	}
	*___2_ppchFilters = _____2_ppchFilters_marshaled_unmarshaled_dereferenced;
	Il2CppCodeGenWriteBarrier((void**)___2_ppchFilters, (void*)____2_ppchFilters_marshaled);

	return returnValue;
}

@andefoo
Copy link
Author

andefoo commented Apr 10, 2023

Opened a thread on Unity forums, too:

https://forum.unity.com/threads/il2cpp-marshalling-issue-with-an-empty-arrays-of-structs.1423185/

andefoo pushed a commit to andefoo/Facepunch.Steamworks that referenced this issue Apr 10, 2023
@anttiverse
Filters are now stored in a static buffer in Internet server list que…
c2f81e0 
…ry. This is an attempt to get rid of a very rare crash that seems to be related to the key value pair array crashing when being marshalled. One theory is that there is something wrong with GC and this change tries to prevent the array getting garbage collected. Now waiting to see if the crash still happens...

More info:
https://forum.unity.com/threads/il2cpp-marshalling-issue-with-an-empty-arrays-of-structs.1423185
Facepunch#658
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@garrynewman garrynewman

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@garrynewman @andefoo