Crash in topmenus.ext.so (TopMenu::OnMenuSelect2)

[dragokas]

Help us help you

• [x] I have checked that my issue doesn't exist yet.
• [ ] I have tried my absolute best to reduce the problem-space and have provided the absolute smallest test-case possible.
• [ ] I can always reproduce the issue with the provided description below.

Environment

• Operating System version: Debian 10
• Game/AppID (with version if applicable): 500
• Current SourceMod version: 1.11.0.6675
• Current SourceMod snapshot: 1.11.0.6675
• Current Metamod: Source snapshot: 1.10.7

• [x] I have updated SourceMod to the latest version and it still happens.
• [x] I have updated SourceMod to the latest snapshot and it still happens.
• [ ] I have updated SourceMM to the latest snapshot and it still happens.

Description

Crash happened when I clicked "Player Commands" item of sm_admin menu. At the same time sm_respawn plugin is reloaded and is being manipulated with TopMenu's Remove / AddItem methods.

Logs

https://crash.limetech.org/ry2lz6ixbacb

[KyleSanderson]

Can you attach the STR / plugin?

[dragokas]

STR? Here is a current version of the plugin, which was used while those crash happened: https://dragokas.com/private/l4d_sm_respawn.zip https://pastebin.com/u3y0StQm

[dragokas]

One more different crash. May be related: https://crash.limetech.org/z2v7fcvg2pqq

topmenus.ext.so!TopMenu::UpdateClientCategory(int, unsigned int, bool) + 0x73
topmenus.ext.so!TopMenu::DisplayMenu(int, unsigned int, SourceMod::TopMenuPosition) + 0x78
topmenus.ext.so!DisplayTopMenu(SourcePawn::IPluginContext*, int const*) + 0xc9

[asherkin]

Both of those crashes appear to be instances of #1559.

I've been seeing a bunch of other topmenus crashes on Discord with people updating to 1.11, those don't seem to require any menu item changes to hit but the stack traces are very similar and the crash is where it'd be expected for #1559, so there might be another 1.11-specific issue around topmenus item handling too.