Commit Graph

7025 Commits

Author SHA1 Message Date
Peace-Maker
15450a6d0c Fix use-after-free when creating custom user messages
When creating our own "owned and local" protobuf message in `StartProtobufMessage`, `m_FakeEngineBuffer` is used to track that message. In `EndMessage` the message is optionally converted to a "private" one with the right ABI on OS X and passed to the engine's `SendUserMessage`. On Linux and Windows the same message as in `m_FakeEngineBuffer` is passed through without conversion. `engine->SendUserMessage` has a vtable hook which sets `m_FakeEngineBuffer` to the passed argument.

`m_FakeEngineBuffer` frees the message it previously held, since it's "owned" from `StartProtobufMessage`, but that's the same one that's passed in as argument so a use-after-free in the engine happens when the now-freed message pointer is forwarded to the real `SendUserMessage` in the engine.

The message created in `StartProtobufMessage` wasn't freed at all when hooks are blocked, either. This fix moves the message buffer into a local variable which is destroyed at the end of the function.

Fixes #1286 and #1296
2020-06-23 10:32:55 -07:00
Headline
832519ab64 Prevent multiple calls to SDK_OnAllLoaded (#1293) 2020-06-21 23:32:11 -07:00
Headline
4e2806c951 Notify plugin reloads on next frame (#1292) 2020-06-21 23:31:52 -07:00
Nicholas Hastings
7e0dd1fd41 Update TF2 CanBeAutobalanced gamedata. 2020-06-17 00:50:43 +00:00
Accelerator74
2d971a9fb7 Prevent voteban evading & add ban length cvar (#1249) 2020-06-13 16:00:44 -07:00
David Anderson
3b386379dd Use more STL for vector insertion/removal. (#1284) 2020-06-13 15:57:02 -07:00
David Anderson
7b887ee9f6 Update SourcePawn.
This will fix a utf8 regression reported in issue #1286.
2020-06-02 13:33:57 -07:00
David Anderson
67f0e4be60 Update SourcePawn and AMTL. 2020-06-01 13:22:29 -07:00
David Anderson
80acff8d7d Replace ke::LinkedList with std::list. 2020-05-31 23:19:41 -07:00
David Anderson
d5d4d78023 Update SourcePawn and AMTL to fix the Mac build. 2020-05-31 22:57:14 -07:00
David Anderson
5d94f0bea8 Replace ke::Vector with std::vector. 2020-05-31 11:35:51 -07:00
David Anderson
e5ddbd9886 Introduce a pbproxy library to solve macOS linker issues.
On SDKs which use protobufs, the engine has objects compiled against a specific
version of protobuf. Normally this is fine, we take care on Linux to use the
same C++ ABI. On macOS however, we use libc++ to enable C++11 functionality,
whereas the protobuf library has been compiled with libstdc++. These ABIs are
not compatible.

To address the problem, we introduce PbHandle. PbHandle is a wrapper around
protobuf::Message with two added pieces of state: whether or not the handle
"owns" the message (and can free it in its destructor), and whether or not
the handle was created by the engine (private) or created by SourceMod
(local).

Whenever we transfer a protobuf::Message pointer to SourceMod, we must take
care to convert it to a Local version first. Whenever we transfer a protobuf
pointer to the engine, we must convert it to a Private handle.

For platforms with no ABI differences (almost all of them), the handle is a
no-op. The private and local localities are compatible and no translation
takes place.

On macOS, CS:GO does require translation. SourceMod loads a tiny shim
library that contains a copy of the protobuf sources compiled against the
game's ABI. It then provides serialization and deserialization methods.
SourceMod must not interact with the game's protobuf objects without first
going through this proxy library.

Note that PbHandle is not quite like unique_ptr. It can be converted into a
PbHandle that does not destroy the underlying object. This is mainly because
UserMessages.cpp has rather complex state, so it is useful to track locality
without destroying an object. An unowned PbHandle must not outlive the
owning PbHandle.
2020-05-30 22:13:07 -07:00
David Anderson
d525b466ec Use C++11 for macOS and CS:GO. 2020-05-30 22:13:07 -07:00
David Anderson
333227fad8 Build csgo-x64 on travis. 2020-05-30 22:13:07 -07:00
David Anderson
288a781555 Fix startup crash. 2020-05-30 19:10:23 -07:00
David Anderson
979e410efc Update AMTL, replace ke::Deque with std::deque. 2020-05-30 12:44:02 -07:00
Fyren
75fa198321 Change bootstrap.pl and startbuild.pl to also take CXX. (#1280) 2020-05-27 21:18:49 -04:00
David Anderson
49669f6585 Revert "Fix linking on Linux."
This reverts commit acf8782786.
2020-05-26 20:04:55 -07:00
David Anderson
acf8782786 Fix linking on Linux. 2020-05-25 21:35:50 -07:00
David Anderson
6d2e0aa684 Fix Windows build. 2020-05-21 00:11:23 -07:00
David Anderson
032a30f676 Fix mac build, part 2. 2020-05-20 23:17:15 -07:00
David Anderson
c9f574c27b Fix mac build. 2020-05-20 22:50:41 -07:00
David Anderson
b725196a26 Replace AString with std::string. 2020-05-20 17:57:18 -07:00
David Anderson
301bafa3f5 Replace more Move/Forward with STL variants. 2020-05-19 12:56:28 -07:00
David Anderson
7a3e4054c7 Enable exception handling in C++ code.
It turns out this was already enabled on MSVC (due to /EHsc), but let's
enable it on other platforms as well.

Exception handling comes with a huge caveat: SourceMod and SourcePawn
are not exception safe. Not only do they predate usable STL (C++11),
they often predate C++03, and sometimes even C++ itself. There are many
places we do not use RAII, or where we accumulate state in a way that
cannot be interrupted.

By enabling exceptions, we are NOT inviting general try/catch. We are
still assuming that a `throw` anywhere within SourceMod will ultimately
result in a crash.

However, as we enable more and more STL, we are losing the ability to
gracefully handle constructor failures and malloc failures. So try-catch
is now enabled. It should only be used in the narrowest of
circumstances:

 - When an exception can be thrown by a library call, and
 - There is no way "a priori" to tell if an exception will be thrown
   (for example, std::bad_alloc or std::system_error), and
 - Handling the exception is meaningful.

Generally malloc failures should not be considered meaningful. Once
memory is exhausted, the program will crash or be OOM-killed, so there's
no point in handling the failure. However, cases where the allocation
amount is variable may be meaningful to handle. A simple example would
be CDataPack, where if a plugin leaks entries, it's better to handle
this gracefully given that vector growth is geometric. Another example
might be reads of a massive file or network request into a buffer.

These cases should be rare, given that memory pressure is usually
fatal to srcds anyway. But if you've decided to handle an exception,
the try-catch block should be as narrow as possible. For example,
the following is erroneous:

    ke::Maybe<SomeGiganticThing> object;
    try {
        object.init();
    } catch (const std::bad_alloc&) {
    }

`ke::Maybe` is not thread-safe, and this can leak. Basically, do as
little as possible in try blocks, and use them sparingly, because
they're very difficult to audit.

We are also not inviting use of `throw`, as auditing it is even more
complex than try/catch. It is better to abort(), or use boolean
returns and two-stage object initialization.
2020-05-19 12:21:57 -07:00
David Anderson
7d7253c9cc Update AMTL; replace AutoPtr/UniquePtr with STL. 2020-05-18 18:19:16 -07:00
David Anderson
c2df49ee33 Rename ke::Lambda to ke::Function. 2020-05-17 12:33:52 -07:00
David Anderson
a253e175bb Replace all uses of AMTL threads with STL threads.
This also rewrites the work loop for threaded queries. It has been
simplified significantly.
2020-05-16 22:35:56 -07:00
David Anderson
15023777f4 Merge pull request #1266 from alliedmodders/threads-3
Pare down ThreadSupport and remove ancient thread code.
2020-05-14 10:45:50 -07:00
David Anderson
ff018a9a5d Improve Travis coverage.
Our official builds use clang-3.4 (for macOS) and clang-3.8 for Linux.
Linux uses libstdc++-4.9. Make sure these two compilers are being tested
and that libstdc++-4.9 is being used for STL.

Add a macOS builder to get coverage there. This will use a newer
clang than we actually use, but as opposed to the linux builder will
test the platform-specific bits.

Finally, use the latest GCC and clang versions from a bionic image, so
we have some coverage of a popular distribution.
2020-05-13 19:09:20 -07:00
David Anderson
f76cb94511 Pare down ThreadSupport and remove ancient thread code.
This patch removes almost all of the existing platform-specific
ThreadSupport code, as well as code derived from it. It is now
implemented on top of C++11 threads and is much simpler.

This is the first inclusion of STL in SourceMod. Mac and Windows are
allowed to dynamically link to their respective implementations. On
Linux, libstdc++ is statically linked, except in the cases where it was
already dynamically linked (csgo, blade).

IEventSignal has been retained because sourcemod-curl-extension relies
on it. As written, it is impossible to use as a condition variable,
because the caller does not have access to the underlying mutex. There
is no way to make this API safe or non-racy, so extensions relying on
it should switch to C++11 threads.

ThreadWorker is now pared down and does not interact or inherit from
BaseWorker in any way. Basic functionality has been tested. Since it is
not used anywhere in SourceMod, or seemingly in any repository on
GitHub, it's unclear whether it should even exist. But it has been
tested in this patch.

This change bumps the minimum macOS version to OS X 10.7, and the
minimum C++ standard level to C++14.
2020-05-13 00:35:29 -07:00
David Anderson
87cc42d348 Fix build failures with clang 10. 2020-05-12 23:04:55 -07:00
wanted241
5177cfdf97 Fix unnecessary ConCommand cache misses (#1256) 2020-05-08 15:28:45 -07:00
Deathreus
13621a1274 Add array operations to CDataPack (#1219) 2020-05-08 15:23:48 -07:00
peace-maker
bc89e54f6d NPOTB: Always use hl2sdk-proxy-repo in checkout-deps (#1236) 2020-05-08 15:12:21 -07:00
Arron Vinyard
5ed2f79217 Replace GetCmdArgs with args param (#1229) 2020-05-08 15:09:44 -07:00
Vladimir
3696a4cd9e Correct parameter detail in OnEntityDestroyed (#1237) 2020-05-08 15:08:34 -07:00
Arron Vinyard
8259bd316a Alert players of map history console output (#1242) 2020-05-08 15:04:57 -07:00
⭐ B3none
6717f45469 Standardize some spacing in translation phrases (#1254) 2020-05-08 14:55:05 -07:00
Scags
44615b7ade Prevent unnecessary re-tagging for address functions (#1250) 2020-05-08 14:54:01 -07:00
Loïc
f3200b2232 Fix GetDataDescMap not working on Day Of Infamy (#1263)
During the split of Day of Infamy into a separate engine build (#718, 3 Nov 2017), adding the doi engine to the list was forgotten.
2020-05-07 12:20:29 +01:00
42
881cbcd45d Add new TF2 Holiday Soldier (#1257) 2020-05-06 23:00:24 +00:00
Loïc
30a4032067 Fix timelimit not being correct for Black Mesa (#1262)
* Fix timelimit not being correct for Black Mesa

Black Mesa is particular and uses timelimit in seconds instead of minutes.

* Update TimerSys.cpp

* Update TimerSys.cpp

* Update TimerSys.cpp

* Update TimerSys.cpp
2020-05-06 22:59:43 +00:00
peace-maker
5597fc56d3 Fix crash when ArrayList runs out of memory (#1235)
The allocation size was still updated to the bigger size even if memory allocation failed. Trying to write to the supposedly available new space would overflow the heap and crash. Fixes #1233
2020-04-30 17:59:54 +01:00
Erik Minekus
adcc0efda6 Fix matching Regex against an empty string (#1253)
Removed the offset check from MatchRegex, as this is already handled by pcre_exec.
2020-04-29 00:37:45 +00:00
Andrew
d044b13ce4 datapack: free all elements on clear (#1251)
* Fixed memory leak

When a pack was cleared or destroyed the String and Raw types could cause memory leaks. This happens when "position" is sitting at the end of the vector and can never get past the "if (pos >= elements.length())" statement. This means there is a memory leak in any plugin that clears/destroys a pack with strings and doesn't set the position to length-1 or less beforehand.

* datapack: Fix delete op on CDataPackType::Raw.

Co-authored-by: Kyle Sanderson <kyle.leet@gmail.com>
2020-04-27 18:09:13 -07:00
Loïc
d42c304a55 Bump version for non-VCS builds (#1243) 2020-04-27 15:50:03 +01:00
Loïc
d876f04baf Update Function Offsets For PVKII 0.4.2.2 (#1227)
* Update Function Offsets For PVKII 0.4.2.2

- Updates offsets for Linux/Win/Mac
- Update func sig FireOutput for Linux/Win/Mac
2020-04-22 01:03:34 +00:00
Loïc
593552f8d6 Update Function Offsets For PVKII 0.4.2.2 (#1226)
* Update Function Offsets For PVKII 0.4.2.2

- Updates offsets for Linux/Win/Mac
2020-04-22 01:03:22 +00:00
thewavelength
25462071df Make GetStringTableData native binary-safe (#1232)
Replace StringToLocalUTF8 with LocalToString and memcpy to make this binary-safe and update the documentation.
2020-04-14 17:51:39 +01:00