GTA SA: Weapon limits cause script command GET_WEAPONTYPE_MODEL crash

[MiranDMC]

GTA SA 1.0 US
Clean F92LA 7.6 installation.

After enabling settings in ini file:

[WEAPON LIMITS]
; Enable weapon type loader  (0)
Enable weapon type loader  = 1

; Weapon type loader, number of type IDs (70)
Weapon type loader, number of type IDs = 70

Calling vanilla game's script command GET_WEAPONTYPE_MODEL with weapon id 47 crashes the game:

---------------------------
fastman92 limit adjuster 7.6, compilation time: Jun 14 2024 06:14:37 (UTC)
---------------------------
Game has crashed, here's a crash log:
Current process ID: 21804
Current thread ID: 31632
Last file to be loaded: AUDIO\STREAMS\AMBIENCE
Last library loaded: kernel32.dll
Exception address: 0x0046B977 ("GTA_SA.EXE"+0x6B977)
Exception code: 0xC0000005 (EXCEPTION_ACCESS_VIOLATION)
Inaccessible memory address: 0xC

General registers:
EAX: 0x00000000 (0)
EBX: 0x00000001 (1)
ECX: 0x07509CB8 (122723512)
EDX: 0x0000002F (47)
ESI: 0x08F8EA60 (150530656)
EDI: 0x0028F3F4 (2683892)
EBP: 0x00000781 (1921)
ESP: 0x0028EEE0 (2682592)
EIP: 0x0046B977 (4634999) ["GTA_SA.EXE"+0x6B977]
EFL: 0x00210246 (2163270)

Without F92LA installed script command returns proper value 346.
Test CLEO script:

{$CLEO .cs}
0001: wait 2000

0ACE: print_help_formatted {text} "Addon weapon test"

0001: wait 1000

0@ = 47
0781: get_weapontype_model {weaponType} 0@ {storeTo} 1@
0ACE: print_help_formatted {text} "Weapon %d model is %d" {args} 0@ 1@

0A93: terminate_this_custom_script

[MiranDMC]

Same happens with get_weapontype_slot and probably other weapon related commands.

[fastman92]

If you see data\gtasa_weapon_config.dat

`# IDs 47 to 59 are reserved for internal game usage

47 LAST_WEAPONTYPE

48 ARMOUR

49 RAMMEDBYCAR

50 RUNOVERBYCAR

51 EXPLOSION

52 UZI_DRIVEBY

53 DROWNING

54 FALL

55 UNIDENTIFIED

56 ANYMELEE

57 ANYWEAPON

58 FLARE

59 TANK_GRENADE`

There's a comment left about these IDs.
These IDs are used to specify what kind of harm can be done to ped/vehicle/object. It may bea user-operated weapon or something else (explosion, fall and the like)
ID 47, it's not a user-operated weapon.

User operated weapons have their line in gtasa_weapon_config.dat and weapon.dat.
0781 SCM command ID in GTA SA returns model ID for weapon of standard skill, indeed.

In standard game CWeaponInfo::GetWeaponInfo would return a pointer, even if weapon ID is invalid.

In default game:
aWeaponInfo:

• 0, WEAPONSKILL_STD, 47 weapon.dat lines
• 47, WEAPONSKILL_POOR, 11 weapon.dat lines that have a stat index
• 58, WEAPONSKILL_PRO, 11 weapon.dat lines that have a stat index
  +69, WEAPONSKILL_SPECIAL, 11 weapon.dat lines that have a stat index

CWeaponInfo::GetWeaponInfo((eWeaponID)47, WEAPONSKILL_STD) would return a pointer to aWeaponInfo[47]. This is PISTOL's WEAPONSKILL_POOR line from weapon.dat. It would return the model ID of PISTOL's WEAPONSKILL_POOR line.

It would return a garbage value, useless value.

The FLA does something different - CWeaponInfo::GetWeaponInforeturns NULL, if valid user-operated weapon ID has not been provided. So it returned NULL for ID 47, the SCM command tried accessing that NULL pointer to read model ID and game crashed.

It works as expected, better than in standard game.

[MiranDMC]

Now it is not better than in standard game. GET_WEAPONTYPE_MODEL was legit way to check all entries of CWeaponInfo::aWeaponInfo. For unused slots returned model was -1.

Now you enabled way to add new weapons, but made it impossible to dynamically scan for them.