SDK: Further verification for GUObjectArray

praydog · Jul 5, 2023 · cf73015 · cf73015
1 parent a84b4b3
commit cf73015
Showing 1 changed file with 26 additions and 2 deletions.
diff --git a/shared/sdk/UObjectArray.cpp b/shared/sdk/UObjectArray.cpp
@@ -80,12 +80,12 @@ FUObjectArray* FUObjectArray::get() {
                 return utility::ExhaustionResult::CONTINUE;
             }
 
-            if (!IsBadReadPtr(*(void**)&potential_obj_first_gc_index, sizeof(void*))) {
+            if (!IsBadReadPtr(*(void**)&potential_obj_first_gc_index, sizeof(void*)) && (*(int64_t*)&potential_obj_first_gc_index & 1) == 0) {
                 SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to valid pointer", *displacement);
                 return utility::ExhaustionResult::CONTINUE;
             }
 
-            if (!IsBadReadPtr(*(void**)&potential_obj_max_objects_not_consid_by_gc, sizeof(void*))) {
+            if (!IsBadReadPtr(*(void**)&potential_obj_max_objects_not_consid_by_gc, sizeof(void*)) && (*(int64_t*)&potential_obj_max_objects_not_consid_by_gc & 1) == 0) {
                 SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to valid pointer", *displacement);
                 return utility::ExhaustionResult::CONTINUE;
             }
@@ -99,6 +99,30 @@ FUObjectArray* FUObjectArray::get() {
                 SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to invalid pointer", *displacement);
                 return utility::ExhaustionResult::CONTINUE;
             }
+
+            // Verify that the first object in the list is valid
+            {
+                const auto first_obj = *(void**)potential_obj_obj_objects;
+
+                if (first_obj == nullptr || IsBadReadPtr(first_obj, sizeof(void*))) {
+                    SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to invalid pointer @ first object", *displacement);
+                    return utility::ExhaustionResult::CONTINUE;
+                }
+
+                const auto first_vtable = *(void**)first_obj;
+
+                if (first_vtable == nullptr || IsBadReadPtr(first_vtable, sizeof(void*))) {
+                    SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to invalid pointer @ first vtable", *displacement);
+                    return utility::ExhaustionResult::CONTINUE;
+                }
+
+                const auto first_vfunc = *(void**)first_vtable;
+
+                if (first_vfunc == nullptr || IsBadReadPtr(first_vfunc, sizeof(void*))) {
+                    SPDLOG_INFO("Skipping potential GUObjectArray at 0x{:x} due to invalid pointer @ first vfunc", *displacement);
+                    return utility::ExhaustionResult::CONTINUE;
+                }
+            }
 
             // At this point we've found it, check if it's a chunked array or not, and set a static variable
             if (potential_max_chunks > 0 && potential_num_chunks > 0 && potential_max_chunks < 1000 && potential_num_chunks <= potential_max_chunks) {