bugfix(aigroup): Prevent game crash when a player is selected in Replay playback (2)

[Caball009]

• Follow up for PR [GEN][ZH] Prevent game crash when a player is selected in Replay playback #1212

With the fix from #1212 AIGroupPtr currentlySelectedGroup would be accessed even if it had been destroyed and its memory deallocated. This is a use-after-free bug. It relies on the memory not being overwritten on deallocation.

If macro MEMORYPOOL_DEBUG (enabled by RTS_DEBUG) is enabled, freed memory is overwritten with a garbage value, so the game crashes when currentlySelectedGroup is dereferenced (at line 2132).

TODO:

• Tweak TSH comment.
• Replicate in Generals.

[greptile-apps]

Greptile Summary

This PR is a follow-up to #1212 that replaces a use-after-free heuristic (getCount() == 0 on a potentially-freed AIGroup) with a proper pointer-liveness check (doesGroupExist) that scans m_groupList by address without ever dereferencing the suspect pointer.

• GameLogicDispatch.cpp: The #if RETAIL_COMPATIBLE_AIGROUP guard now calls TheAI->doesGroupExist(currentlySelectedGroup) instead of reading getCount() through a possibly-freed pointer; inside this guard AIGroupPtr is AIGroup*, so the call compiles cleanly.
• Generals and GeneralsMD headers/implementations: doesGroupExist(AIGroup* group) const is added to both builds, resolving the compilation gap that would have occurred if only one target had the declaration.
• The implementation reuses the same std::find + m_groupList pattern already present in destroyGroup, so no new headers or idioms are introduced.

Confidence Score: 5/5

Safe to merge — the fix is minimal, well-scoped, and correctly addresses the use-after-free without introducing new patterns or dependencies

The change replaces a crash-prone dereference of a freed pointer with a pointer-value scan that never dereferences the suspect address. Both Generals and GeneralsMD receive matching declarations and implementations, and the doesGroupExist implementation follows the same std::find + m_groupList idiom already used by destroyGroup in the same file

No files require special attention

Important Files Changed

Filename	Overview
Core/GameEngine/Source/GameLogic/System/GameLogicDispatch.cpp	Replaces the use-after-free getCount() == 0 heuristic with a safe doesGroupExist pointer-liveness check; updates the comment attribution and date
Generals/Code/GameEngine/Include/GameLogic/AI.h	Adds doesGroupExist(AIGroup* group) const declaration to the Generals AI class, resolving the missing-declaration issue from PR #1212's follow-up
Generals/Code/GameEngine/Source/GameLogic/AI/AI.cpp	Implements doesGroupExist using std::find over m_groupList; consistent with the existing destroyGroup pattern that already uses std::find on the same list
GeneralsMD/Code/GameEngine/Include/GameLogic/AI.h	Mirrors the Generals header change, adding doesGroupExist declaration to the Zero Hour AI class
GeneralsMD/Code/GameEngine/Source/GameLogic/AI/AI.cpp	Mirrors the Generals implementation; identical doesGroupExist body using std::find over m_groupList

Sequence Diagram

sequenceDiagram
    participant GLD as GameLogicDispatch
    participant AI as TheAI (AI singleton)
    participant GL as m_groupList

    GLD->>GLD: "currentlySelectedGroup != nullptr?"
    alt pointer non-null
        GLD->>AI: doesGroupExist(currentlySelectedGroup)
        AI->>GL: std::find(begin, end, group)
        GL-->>AI: iterator (found / end)
        AI-->>GLD: true (exists) / false (destroyed)
        alt group not in list (destroyed)
            GLD->>GLD: return early — avoid use-after-free
        else group still alive
            GLD->>GLD: proceed to process selection
        end
    end

Loading

_{Reviews (3): Last reviewed commit: "Made 'AI::doesGroupExist' member functio..." | Re-trigger Greptile}

[xezon]

Makes sense. I have not thought of that.

[Caball009]

Replicated in Generals.