Hi, I’ve had some players crashing sometimes when entering specific systems. After some digging it turned out that the Territory.dll was trying to access unreserved memory. The culprit turned out to be the rep movsd instruction, which is hardcoded to always copy 64 bytes of data, while the actual format strings were reserving only as much as they needed. In rare cases, they ended up being placed immediately before an unreserved block of memory, leading to an out-of-bounds access attempt.
The fix was to simply make all format strings reserve 64 bytes of memory via a change in the stows function.
// Convert the string to wide and store it, returning the NOT of its index.
// 'store' (the vector of stored wide strings) and 'codepage' are defined
// elsewhere in the file.
int stows(LPCSTR s, bool nl = true)
{
    int pos = ~store.size();
    // Required length in WCHARs, including the terminator.
    int len = MultiByteToWideChar(codepage, 0, s, -1, 0, 0);
    if (len > 1)
    {
        // Reserve at least 64 WCHARs so the fixed-size copy never reads past
        // the end of the allocation; longer strings keep their real size so
        // the conversion below cannot fail for lack of buffer space.
        if (len < 64)
            len = 64;
        // Value-initialise so the unused tail is zero rather than stale heap data.
        LPWSTR ws = new WCHAR[len]();
        MultiByteToWideChar(codepage, 0, s, -1, ws, len);
        ws[len - 1] = L'\0';
        // Optionally turn '^' markers into newlines.
        if (nl)
            while (--len >= 0)
                if (ws[len] == L'^')
                    ws[len] = L'\n';
        store.push_back(ws);
    }
    else
        pos = 0;
    return pos;
}
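As an added, portable illustration of the failure mode and the fix described above (this is not the mod's or the game's code): the model below keeps a store of wide strings, can allocate each entry either at its exact size (the old behaviour) or padded to at least 64 wide characters (the fix), and then performs the consumer's fixed 64-byte copy against the entry, reporting whether that read stayed inside the entry's own allocation. It assumes ASCII-only input widened character by character in place of MultiByteToWideChar, and a std::vector<std::wstring> in place of the global store; stowsModel, fixedCopyInBounds, entrySize and entryChar are names chosen for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Constructed model, not the mod's own code. Assumptions: ASCII-only widening
// stands in for MultiByteToWideChar; g_store stands in for the global 'store'.
static const size_t kMinReserve = 64;        // the fix: at least 64 wide chars
static const size_t kFixedCopyBytes = 64;    // rep movsd with ecx = 16 -> 64 bytes

static std::vector<std::wstring> g_store;

// Widen s, optionally map '^' to '\n', store it and return ~index (negative),
// or 0 for an empty string, mirroring the stows() contract.
// reserve64 == false reproduces the old exact-size allocation.
int stowsModel(const char* s, bool nl = true, bool reserve64 = true)
{
    size_t len = std::strlen(s) + 1;              // including the terminator
    if (len <= 1)
        return 0;
    if (reserve64 && len < kMinReserve)
        len = kMinReserve;                        // pad short strings to 64
    std::wstring ws(len, L'\0');                  // zero-filled tail
    for (size_t i = 0; s[i] != '\0'; ++i) {
        wchar_t c = static_cast<unsigned char>(s[i]);
        if (nl && c == L'^')
            c = L'\n';
        ws[i] = c;
    }
    int pos = ~static_cast<int>(g_store.size());
    g_store.push_back(ws);
    return pos;
}

// Number of wide characters actually allocated for the entry at ~pos.
size_t entrySize(int pos)
{
    return g_store.at(static_cast<size_t>(~pos)).size();
}

// Character i of the entry at ~pos (for checking the '^' -> '\n' mapping).
wchar_t entryChar(int pos, size_t i)
{
    return g_store.at(static_cast<size_t>(~pos)).at(i);
}

// The consumer's copy: always moves exactly kFixedCopyBytes from the entry.
// Returns true only if that read is fully inside the entry's allocation;
// with an exact-size short entry this is the out-of-bounds read the post saw.
bool fixedCopyInBounds(int pos)
{
    size_t idx = static_cast<size_t>(~pos);
    if (idx >= g_store.size())
        return false;
    const std::wstring& ws = g_store[idx];
    size_t available = ws.size() * sizeof(wchar_t);
    if (available < kFixedCopyBytes)
        return false;                             // would read past the end
    uint8_t buf[kFixedCopyBytes];
    std::memcpy(buf, ws.data(), kFixedCopyBytes); // safe: bounded by 'available'
    return true;
}
```

Calling stowsModel("Hi^there", true, false) stores a 9-character entry that the 64-byte copy overruns, while the default reserve64 == true pads the same string to 64 wide characters and the copy stays in bounds; strings already longer than 64 characters keep their real length either way.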