Game Development Community

Heap corruption caused by incorrect Torque Script naming.

by Tim Newell · in Torque 3D Professional · 10/09/2012 (12:39 pm) · 7 replies

If you name a torque script object the same name as a Torque script class, you will get heap corruption with no warning at all. For example if your mission file has new SimGroup(GroundCover) it will load without warning and corrupt the heap. I am not sure at what point this is corrupting the heap but I put in some detection code and avoidance for it in our local code base. If you want to add it to your codebase or the T3D MIT (Im not setup to submit it yet) then you can open console/compiledEval.cpp and around line 631 in the CodeBlock::exec function under case OP_CREATE_OBJECT: you should see:

else if (!isInternal)
            {
               // IF we aren't looking at a local/internal object, then check if 
               // this object already exists in the global space

               SimObject *obj = Sim::findObject( objectName );
               if (obj /*&& !obj->isLocalName()*/)
               {
                  if ( isSingleton )

replace that with:

else if (!isInternal)
            {
               // IF we aren't looking at a local/internal object, then check if 
               // this object already exists in the global space

			   AbstractClassRep* rep = AbstractClassRep::findClassRep( objectName );
			   if (rep != NULL) {
				   String newObjectName = objectName;
				   newObjectName += "1";
				   String assertMessage = objectName;
				   assertMessage += " is the name of a torque script class.  This will cause heap corruption!";
				   AssertFatal(0, assertMessage);
				   Con::errorf("%s is the name of a torque script class.  This will cause heap corruption.  renaming it to %s", objectName, newObjectName);
				   objectName = StringTable->insert( newObjectName.c_str() );
			   }

               SimObject *obj = Sim::findObject( objectName );
               if (obj /*&& !obj->isLocalName()*/)
               {
                  if ( isSingleton )

If you accidently do this in code now it will warning you with a debug assert as well as printing to the torque console. It will also rename it so you will not get heap corruption.

There is the same heap corruption issue with overwriting C++ members with dynamic variables. I do not have a fix for this at this time though. For instance if you have:

new SimObject(MyTestObject);
MyTestObject.name[0] = "test"; //you just trashed the heap
NextNext Thread
PrevPrevious Thread
More from Torque 3D Professional


Torque Owner Robert Fritzen
Phantom Games Development
#1
10/09/2012 (2:05 pm)
Good catch.. this will help to resolve some issues..

Torque Owner Demolishun
DemolishunConsulting Rocks!
#2
10/10/2012 (10:37 am)
Is this one way the heap is getting borked:
new SimObject(ScriptObject);
new ScriptObject(SimObject);
This locks the engine.

I did the variable method and it messed the name reported back by the object to just blank. How are you detecting the heap corruption? Is there a more definitive way to detect this condition?

Associate Tim Newell
Max Gaming Technologies
#3
10/10/2012 (2:18 pm)
I dont know what causes the heap corruption, but i started to get random issues (weird things happening, crashing on level exit) so i knew something was up. I saw that it was only happening on that level so I tracked it down by removing every object in the level till i found the one causing issues and then i noticed it was a simgroup called GroundCover and figured it might be the name so I changed it to GroundCoverGroup and all my issues went away. One way to detect heap corruption is to run Application verifier. It has been helping me a lot in this port of TGEA game to T3D. I cant run it on our missions though because my PC runs out of memory with it on. (right around when the game is using a gig of ram)

I also didn't have any extra time to hunt down the cause since I am in the middle of porting MAV to T3D. Avoiding it though works and there isn't a real need to name objects the same thing as classes. Mostly the code above was to throw up red flags when the issue was encountered so I could manually change the name. You may notice that the T3D editor will not let you name an object the same thing as a torque class, but doing it in code will not stop you.

Torque Owner Demolishun
DemolishunConsulting Rocks!
#4
10/10/2012 (3:34 pm)
Yeah, after I posted I did a search and found some Microsoft tools for detecting things like stack and heap corruption. I was going to try and mess up the heap and use the tool to try and detect it. Searching around I saw that people will write patterned data into a location somewhere in the heap. Then they check the data against that pattern during the execution of the program. This way they can detect it. I think the Microsoft tools do similar things.

Torque 3D Owner Kenneth Eves
XAP GAMES
#5
10/11/2012 (6:45 am)
Thanks for this. Dropped in and compiled without issue.

Associate Tim Newell
Max Gaming Technologies
#6
10/11/2012 (7:03 am)
Application Verifier is a microsoft tool and very easy to use. You just point it to your debug exe, turn on what options you want and then just debug like normal. Itll throw a breakpoint if something occurs like a value is about to write outside of an array causing heap corruption. There is a good chance you already have it installed too, i think it may come with visual studios, but I would recommend checking microsoft's website and make sure you have latest version.

Torque Owner Demolishun
DemolishunConsulting Rocks!
#7
10/11/2012 (9:40 am)
I think that is part of the tool set I downloaded:
msdn.microsoft.com/en-us/windows/hardware/hh852363.aspx

I used a link that allowed me to download the Windows 8 SDK and I only installed the tools from that to get app verifier. Thanks for the heads up, I am learning quite a bit from following this thread.