Corrupt ride window when trains have more than 144 cars #17073
Comments
|
Do we have any idea where the 144 comes from? |
|
It was added 8 years ago 8355bf6, likely taken from the original game. I can't think of any vehicles from the original games that support that many cars per train. Chris Sawyer may simply have picked this size to be sure it would be enough. |
The number of cars per train seems irrelevant here, it loops over the trains, not the individual cars per train. |
|
Exactly the opposite, the number of trains is irrelevant, the number of cars is not. It loops over the cars for each vehicle to draw the full train in the scroll view widget. At the beginning of the vehicle loop, it stores a pointer to this list in |
Because it draws the cars for every train, and reuses the array for each train.
OpenRCT2/src/openrct2-ui/windows/Ride.cpp Line 2939 in 85baa6f FWIW I've already got a PR ready that fixes the crashes: #17074 |
- Feature: [#16825] Add Alpine Coaster track type. - Feature: [#17011] Option to show ride vehicles as separate entries when selecting a ride to construct. - Feature: [#17217] Add FLAC and OGG/vorbis as supported audio formats for ride music objects. - Feature: [#12328, #17418] Add vehicles for the Hybrid Coaster, Single-Rail Roller Coaster and Classic Mini Roller Coaster. - Improved: [#7983] The red colour in the ride stat screen and the ride graphs now corresponds better to negative effects on a ride’s stats. - Improved: [#13966] Music Style dropdown is now sorted by name. - Improved: [#16978] Tree placement is more natural during map generation. - Improved: [#16992] The checkbox in the visibility column of the Tile Inspector has been replaced with an eye symbol. - Improved: [#16999] The maximum price for the park entry has been raised to £999. - Improved: [#17050] Transparency can be enabled directly without needing see-through enabled first. - Improved: [#17059] Show Tile Inspector usage hint when nothing is selected. - Improved: [#17199] Allow creation of Spiral Slide reskins. - Improved: [#17242] More natural looking shorelines in map generator. - Improved: [#17328] Parks can now be resized into rectangular shapes from the map and map generation windows. - Change: [#16952] Make “Object Selection” order more coherent. - Change: [#17002] Weather no longer resets when converting a save to scenario. - Change: [#17294] New ride window remembers scroll position per tab instead of highlighted ride. - Removed: [#16864] Title sequence editor (replaced by plug-in). - Removed: [#16911, #17411] Residual support for pre-Vista Windows systems. - Fix: [#13997] Placing a track design interferes with other players building a ride. - Fix: [#15787] When deselecting "Show banner text in upper case", the banners remain upper case for 10 seconds. - Fix: [#16539] CustomListView header not clickable when listview is scrolled. - Fix: [#16799] Browsing “Up” in the Load Save window shows no files, only folders. - Fix: [#16934] Park size displayed incorrectly in Park window. - Fix: [#16974] Small scenery ghosts can be deleted. - Fix: [#16989] Re-focusing maximised window triggers a restore and maximise. - Fix: [#17005] Unable to set patrol area for first staff member in park. - Fix: [#17017] [Plugin] Crash when using tile element properties that require a valid ride to be linked. - Fix: [#17073] Corrupt ride window and random crashes when trains have more than 144 cars. - Fix: [#17080] “Remove litter” cheat does not empty litter bins. - Fix: [#17099] Object selection thumbnail box is one pixel too tall. - Fix: [#17104] Changing map size does not invalidate park size. - Fix: [#17157] Crash when browsing “Up” to folder with CJK characters in its name. - Fix: [#17187] Text input window does not resize correctly. - Fix: [#17197] Segfault when extracting files from the GOG installer. - Fix: [#17205] Map generator sometimes crashes when not all standard terrain objects are available. - Fix: [#17221] Object ghosts and tooltips follow invisible cursor when moving the viewport by right-click dragging. - Fix: [#17255] Cursor position is incorrect when adjusting terrain and water height. - Fix: [#17257] [Plugin] Add tertiary colour to large scenery scripting API. - Fix: [#17261] Hand cursor position is incorrect when dragging items in the Inventions List window. - Fix: [#17292] Rows in shortcut key list stay highlighted when cursor leaves list. - Fix: [#17295] Pause status not cleared when loading a scenario made from a converted paused save. - Fix: [#17310] Reversed reversible vehicles not imported properly when loading RCT1 parks. - Fix: [#17335] [Plugin] Documentation has an incorrect type for PixelData ‘data’ attribute. - Fix: [#17337] Air Powered Vertical Coaster trains not imported properly when loading RCT1 parks. - Fix: [#17346] Surface height markers are concealed by sprites of same surface. - Fix: [#17369] [Plugin] ‘Car.travelBy()’ moves other cars as well. - Fix: [#17377] When building the park entrance before opening the Footpaths window, the path will be invisible. - Fix: [#17381] Air Powered Vertical Coaster stat penalty is wrong. - Fix: [#17399] Guests never generate the being watched thought. - Fix: [#17433] Wrong T-shirt colours for guests on a Twist ride. - Fix: [#17450] Ducks can swim on three-corners-up land tile. - Fix: [#17461] Footpath Railing tooltip showing incorrect tooltip. - Fix: [#17464] Green Tarmac footpath is not available in the Track Designer. - Fix: [#17466] New object types not packed in save files. - Fix: [#17481] Roto-drop cars try going up to top pieces that are ghosts or belong to other rides.
This is likely the source of many crash reports that have to do with the ride window's events. When there are more than 144 cars,
WindowRideVehicleScrollpaintwrites out of bounds, overwriting other static fields (most likely the others inRide.cppthough).The static array:
OpenRCT2/src/openrct2-ui/windows/Ride.cpp
Line 2906 in 85baa6f
Used in this loop, which may loop more than 144 times for cheated trains:
OpenRCT2/src/openrct2-ui/windows/Ride.cpp
Lines 2932 to 2934 in 85baa6f
Writing out of bounds here:
OpenRCT2/src/openrct2-ui/windows/Ride.cpp
Lines 2971 to 2974 in 85baa6f
Making sure the array is longer than the maximum number of vehicles may fix this, though since trains can have invisible cars, I'm not entirely sure the actual number can still be higher than 255.
The text was updated successfully, but these errors were encountered: