fix: heap corruption#1895
Conversation
|
No actionable comments were generated in the recent review. 🎉 📝 WalkthroughWalkthroughReplaced direct material allocation in the non-menu branch of BSLightingShaderProperty_LoadBinary with a relocation-resolved CreateOnScrapHeap call that allocates the material on Skyrim's Thread ScrapHeap (8-byte alignment); menu-screen path and subsequent linking/state updates remain unchanged. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~12 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
✅ A pre-release build is available for this PR: |
|
Thanks. Perhaps this needs to be fixed on the comonlib side actually. I'll investigate since it is using some of our internal RE (that should be upstream instead). |
|
@doodlum seems plausible, but thoughts? |
|
i thought clib fixed this. this method looks fine, just the relid should be in globals |
@doodlum Was this your PR? We should be on it now. |
|
yeah |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
src/TruePBR.cpp (1)
569-572: Commit title: add a scope for clarityThe current title
fix: heap corruptionfollows conventional commits but the scope is absent. A scoped title more precisely conveys the change:fix(pbr): use scrapheap for material allocation in LoadBinaryAs per coding guidelines on Conventional Commit Titles:
type(scope): description, max 50 characters.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/TruePBR.cpp` around lines 569 - 572, Update the commit title to include a scope and concise description following Conventional Commits (type(scope): description) so it reads like "fix(pbr): use scrapheap for material allocation in LoadBinary" (keep under ~50 chars); this change is purely the commit message for the change around CreateOnScrapHeap/RE::BSLightingShaderMaterialBase::CreateMaterial allocation in LoadBinary where material is assigned, so amend the existing commit message (git commit --amend or interactive rebase) to the scoped title and push/update the PR.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/TruePBR.cpp`:
- Around line 562-567: The PBR branch is allocating BSLightingShaderMaterialPBR
via BSLightingShaderMaterialPBR::Make() which currently uses RE::malloc with
align=0 instead of allocating from the Thread ScrapHeap with align=8, leaving
LinkObject/Deallocate vulnerable to crashes; update the allocation path for
BSLightingShaderMaterialPBR (the Make/constructor path used in the
kMenuScreen/PBR branch) to allocate from the Thread ScrapHeap with align=8
(matching the fix applied to the other material branch), ensure any
corresponding deallocation uses the ScrapHeap-aware Deallocate/LinkObject logic,
and add a short comment referencing Thread ScrapHeap align=8 for future
reviewers.
---
Nitpick comments:
In `@src/TruePBR.cpp`:
- Around line 569-572: Update the commit title to include a scope and concise
description following Conventional Commits (type(scope): description) so it
reads like "fix(pbr): use scrapheap for material allocation in LoadBinary" (keep
under ~50 chars); this change is purely the commit message for the change around
CreateOnScrapHeap/RE::BSLightingShaderMaterialBase::CreateMaterial allocation in
LoadBinary where material is assigned, so amend the existing commit message (git
commit --amend or interactive rebase) to the scoped title and push/update the
PR.
| { | ||
| RE::BSLightingShaderMaterialBase* material = nullptr; | ||
| if (property->flags.any(kMenuScreen)) { | ||
| // Note: Same bug as below, should be using Thread ScrapHeap with align=8 instead of RE::malloc with align=0 |
There was a problem hiding this comment.
@claude can you please add the implementation as needed? Please also determine if this fix should actually be PR upstream to commonlib which we will sycn with via our commonlib. https://github.com/powerof3/CommonLibSSE
|
Ok, confirmed this is fixed from commonlib already. Will do another PR to handle the PBR path. @SimplisticMind thanks for filing the issue and the pr. |
PBR material Make() was using operator new (via TES_HEAP_REDEFINE_NEW), which allocates from the global heap with RE::malloc. The game expects materials to be allocated from the Thread ScrapHeap with align=8. This mismatch causes heap corruption when materials are later freed via scrap heap deallocation paths. Switch to scrapHeap->Allocate + std::construct_at, matching the pattern used by CommonLib's BSLightingShaderMaterialBase::CreateMaterial Ref: community-shaders#1895, community-shaders#1654
PBR material Make() was using operator new (via TES_HEAP_REDEFINE_NEW), which allocates from the global heap with RE::malloc. The game expects materials to be allocated from the Thread ScrapHeap with align=8. This mismatch causes heap corruption when materials are later freed via scrap heap deallocation paths. Switch to scrapHeap->Allocate + std::construct_at, matching the pattern used by CommonLib's BSLightingShaderMaterialBase::CreateMaterial Ref: community-shaders#1895, community-shaders#1654
3 participants
Partially fixes heap corruption; I don't have ability to test PBR materials. Tested by using AppVerifier and going ingame.
Fixes #1654
Summary by CodeRabbit