@xezon xezon commented Oct 21, 2025

This change fixes a global-buffer-overflow in WorldBuilder scripts. It was introduced by #1584.

=================================================================
==17188==ERROR: AddressSanitizer: global-buffer-overflow on address 0x01a9287c at pc 0x00258b51 bp 0x063dd014 sp 0x063dd008
READ of size 4 at 0x01a9287c thread T0
==17188==WARNING: Failed to use and restart external symbolizer!
    #0 0x00258b50 in EditParameter::loadObjectFlags D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\EditParameter.cpp:1442
    #1 0x00253ade in EditParameter::getWarningText D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\EditParameter.cpp:254
    #2 0x002f9287 in ScriptDialog::updateScriptWarning D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\ScriptDialog.cpp:336
    #3 0x002f8fb9 in ScriptDialog::updateWarnings D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\ScriptDialog.cpp:394
    #4 0x00300387 in ScriptDialog::OnInitDialog D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\ScriptDialog.cpp:543
    #34 0x002a1db0 in CMainFrame::onEditScripts D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\MainFrm.cpp:435
    #35 0x0038edcf in CWorldBuilderDoc::OnEditScripts D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\WorldBuilderDoc.cpp:1952

0x01a9287c is located 0 bytes after global variable 'TheObjectFlagsNames' defined in 'Scripts.cpp:2679:18' (0x01a92860) of size 28
0x01a9287c is located 36 bytes before global variable 'BuildableStatusNames' defined in 'ThingTemplate.h:229:25' (0x01a928a0) of size 20
SUMMARY: AddressSanitizer: global-buffer-overflow D:\Projects\TheSuperHackers\GeneralsGameCode\GeneralsMD\Code\Tools\WorldBuilder\src\EditParameter.cpp:1442 in EditParameter::loadObjectFlags
Address Sanitizer Error: Global buffer overflow
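As an added illustration, not the project's code and not the fix this PR actually made (the diff is not shown on this page): a constructed name table of the shape ASan describes, seven pointers that come to 28 bytes on the 32-bit build, beside the sentinel-walk pattern that produces a read exactly at the end of such a table, a bounded walk that cannot, and a compile-time check that an enum and its name table have the same length. Every name, enum and function here is a placeholder.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a global name table such as 'TheObjectFlagsNames':
 * seven 4-byte string pointers on a 32-bit build is the 28 bytes ASan reported.
 * The entry names are placeholders, not the game's flag names. */
static const char *const ObjectFlagNames[] = {
    "FLAG_0", "FLAG_1", "FLAG_2", "FLAG_3", "FLAG_4", "FLAG_5", "FLAG_6",
};
#define OBJECT_FLAG_COUNT (sizeof(ObjectFlagNames) / sizeof(ObjectFlagNames[0]))

/* When an enum is meant to line up with the table, a length mismatch is caught
 * by the compiler instead of as a READ one entry past the end at run time. */
enum ObjectFlag { OF_0, OF_1, OF_2, OF_3, OF_4, OF_5, OF_6, OF_COUNT };
_Static_assert(OF_COUNT == OBJECT_FLAG_COUNT, "name table and enum out of sync");

/* Risky pattern: walking a table until a NULL sentinel. A table with no
 * trailing NULL makes that loop dereference names[count], which is exactly a
 * 4-byte READ "0 bytes after" the global (the neighbouring global follows it).
 * This walk caps the loop at the table's real length, so it never reads
 * names[capacity] even when no sentinel is present. */
size_t count_names_bounded(const char *const *names, size_t capacity)
{
    size_t n = 0;
    while (n < capacity && names[n] != NULL)
        n++;
    return n;
}

/* Name-to-index lookup with an explicit bound; -1 when the name is unknown. */
int find_flag_index(const char *name)
{
    for (size_t i = 0; i < OBJECT_FLAG_COUNT; i++)
        if (strcmp(ObjectFlagNames[i], name) == 0)
            return (int)i;
    return -1;
}

/* Index-to-name that refuses out-of-range indices: the table has no sentinel,
 * so ObjectFlagNames[7] would be whatever global the linker placed next. */
const char *flag_name(int index)
{
    if (index < 0 || (size_t)index >= OBJECT_FLAG_COUNT)
        return NULL;
    return ObjectFlagNames[index];
}
```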

@xezon xezon added Critical Severity: Minor < Major < Critical < Blocker WorldBuilder Relates to World Builder ThisProject The issue was introduced by this project, or this task is specific to this project Crash This is a crash, very bad labels Oct 21, 2025
@Skyaero42 Skyaero42 left a comment

Ok

@xezon xezon added the Approved Pull Request was approved label Oct 21, 2025
@xezon xezon merged commit 8db49bf into TheSuperHackers:main Oct 22, 2025
17 checks passed
@xezon xezon deleted the xezon/fix-worldbuilder-scripts-crash branch October 22, 2025 16:44

Development

Successfully merging this pull request may close these issues.

WorlbuilderZH crash when opening the scripts pop-up window for some maps