Lua Fix NullReferenceException exception when invoking valtype instance method (#1747)

IamSanjid · web-flow · commit 06c8e3ec46c1 · 2026-05-23T14:50:09.000-07:00
* Lua Fix System.NullReferenceException exception when invoking valtype instance method

* Copy back changes to our local valuetype storage after invoke
diff --git a/src/mods/bindings/Sdk.cpp b/src/mods/bindings/Sdk.cpp
@@ -370,15 +370,15 @@ struct ValueType {
         : type(t)
     {
         if (type != nullptr) {
-            data.resize(type->get_size());
+            data.resize(type->get_valuetype_size());
         }
     }
 
     ValueType(::sdk::RETypeDefinition* t, void* addr): type(t) {
         if (t != nullptr && addr != nullptr) {
             uint8_t* raw_data = reinterpret_cast<uint8_t*>(addr);
-            data.reserve(t->get_size());
-            data.insert(data.begin(), raw_data, raw_data + t->get_size());
+            data.reserve(t->get_valuetype_size());
+            data.insert(data.begin(), raw_data, raw_data + t->get_valuetype_size());
         }
     }
 
@@ -425,16 +425,33 @@ struct ValueType {
             return sol::make_object(l, sol::nil);
         }
 
-        auto real_obj = (void*)address();
         auto def = type->get_method(name);
 
         if (def == nullptr) {
             return sol::make_object(l, sol::nil);
         }
 
+        // For instance methods on value types, we need to construct a fake boxed object.
+        // The native invoke() expects a ManagedObject* with a 0x10 byte header:
+        //   0x00: REObjectInfo* (type info / vtable pointer)
+        //   0x08: uint32_t refcount + padding
+        //   0x10: actual value type data starts here
+        std::vector<uint8_t> fake_boxed_storage(0x10 + type->get_valuetype_size(), 0);
+        // REObject header: REObjectInfo* at offset 0x00
+        *(void**)&fake_boxed_storage[0x00] = (void*)type;
+        // REManagedObject: reference count at offset 0x08 (set high to prevent GC interference)
+        *(uint32_t*)&fake_boxed_storage[0x08] = 9999;
+        // Copy value type data at offset 0x10
+        memcpy(&fake_boxed_storage[0x10], data.data(), type->get_valuetype_size());
+
+        auto real_obj = (void*)fake_boxed_storage.data();
+
         auto vec_args = ::api::sdk::build_args(va);
         auto ret_val = def->invoke(real_obj, std::span(vec_args));
 
+        // copy back any changes to the value type from the fake boxed storage
+        memcpy(data.data(), &fake_boxed_storage[0x10], type->get_valuetype_size());
+
         if (ret_val.exception_thrown) {
             throw sol::error("Invoke threw an exception");
         }
