1.6: GTA streamer bug-fix round #1. This heavily reduces bug load, which is very limiting/blocking.

"Bug load" indicates that MTA uses hacks nad workarounds until now to avoid mostly race conditions from SA.

Adds streaming GC protection and safety for collision/model access
Fix SA streaming garbage collector race conditions

- New CStreamingGC class with guard for model protection
- New CColModelGuard wrapper for collision model reference counting
- Streaming removal callbacks to prevent GC during critical operations
- Thread-safe model protection
- CVehicleSA: Guard collision access in suspension line operations
- CRendererSA: Protect RwObject during rendering with ModelAddRef/RemoveRef
- CRenderWareSA: Validate pointers before callbacks, destroy removed atomics properly
- CPhysicalSA: Validate collision model before accessing radius in GetBoundRect_
- CColModelSA: Exception safety in constructor/destructor
- CModelInfoSA: Add IsCollisionLoaded/IsRwObjectLoaded
- CFileLoaderSA: Use type-safe callback shim instead of reinterpret_cast

Fixes prevent these too:
1. Collision models being GC'd during suspension line calculations
2. RwObjects being freed during rendering
3. TXD reference leaks during texture swapping
4. Model removal during active entity operations
5. Invalid pointer access after streaming unload

# Conflicts:
#	Client/game_sa/CColModelSA.cpp
#	Client/game_sa/CWorldSA.cpp

Author: Dutchman101

Client/game_sa/CAnimManagerSA.cpp

@@ -71,6 +71,7 @@ int CAnimManagerSA::GetNumAnimAssocDefinitions()
     return *(int*)(VAR_CAnimManager_NumAnimAssocDefinitions);
 }
 
+// Returns wrapper for animation hierarchy
 std::unique_ptr<CAnimBlendHierarchy> CAnimManagerSA::GetAnimation(int ID)
 {
     CAnimBlendHierarchySAInterface* pInterface = nullptr;
@@ -499,6 +500,7 @@ void CAnimManagerSA::RemoveAnimBlock(int ID)
     }
 }
 
+// Returns a pointer to GTA SA's internal animation association definition
 AnimAssocDefinition* CAnimManagerSA::AddAnimAssocDefinition(const char* szBlockName, const char* szAnimName, AssocGroupId animGroup, AnimationId animID,
                                                             AnimDescriptor* pDescriptor)
 {

Client/game_sa/CColModelGuard.h

@@ -0,0 +1,131 @@
+/*****************************************************************************
+ *
+ *  PROJECT:     Multi Theft Auto v1.0
+ *  LICENSE:     See LICENSE in the top level directory
+ *  FILE:        game_sa/CColModelGuard.h
+ *  PURPOSE:     Wrapper for collision model access with automatic reference counting
+ *
+ *  Multi Theft Auto is available from https://www.multitheftauto.com/
+ *
+ *****************************************************************************/
+
+#pragma once
+
+#include "CModelInfoSA.h"
+
+
+// Guard: Protects collision model from streaming GC
+class CColModelGuard
+{
+public:
+
+    // Increment ref count for pModelInfo's collision
+    explicit CColModelGuard(CModelInfoSA* pModelInfo) : m_pModelInfo(pModelInfo), m_bValid(false), m_pColModel(nullptr), m_pColData(nullptr)
+    {
+        if (!m_pModelInfo)
+            return;
+            
+        // Check and protect collision atomically
+        if (m_pModelInfo->IsCollisionLoaded())
+        {
+            m_pModelInfo->AddColRef();
+            bool bRefAdded = true;
+
+            try
+            {
+                // Cache pointers while protected
+                CBaseModelInfoSAInterface* pInterface = m_pModelInfo->GetInterface();
+                if (pInterface && pInterface->pColModel)
+                {
+                    m_pColModel = pInterface->pColModel;
+                    m_pColData = m_pColModel->m_data;
+                    m_bValid = (m_pColData != nullptr);
+                }
+
+                // Release ref if validation failed
+                if (!m_bValid)
+                {
+                    m_pModelInfo->RemoveColRef();
+                    bRefAdded = false;
+                }
+            }
+            catch (...)
+            {
+                // Release reference on exception
+                if (bRefAdded)
+                    m_pModelInfo->RemoveColRef();
+                throw;
+            }
+
+            // Prevent double-release in destructor
+            if (!bRefAdded)
+                m_pModelInfo = nullptr;
+        }
+    }
+
+    // Decrement ref count on destruction
+    ~CColModelGuard() noexcept
+    {
+        if (m_bValid && m_pModelInfo)
+        {
+            m_pModelInfo->RemoveColRef();
+        }
+    }
+
+    // Prevent copying
+    CColModelGuard(const CColModelGuard&) = delete;
+    CColModelGuard& operator=(const CColModelGuard&) = delete;
+
+    // Allow moving
+    CColModelGuard(CColModelGuard&& other) noexcept
+        : m_pModelInfo(other.m_pModelInfo), m_bValid(other.m_bValid), m_pColModel(other.m_pColModel), m_pColData(other.m_pColData)
+    {
+        // Transfer ownership
+        other.m_pModelInfo = nullptr;
+        other.m_bValid = false;
+        other.m_pColModel = nullptr;
+        other.m_pColData = nullptr;
+    }
+
+    CColModelGuard& operator=(CColModelGuard&& other) noexcept
+    {
+        if (this != &other)
+        {
+            // Release current, transfer from source
+            if (m_bValid && m_pModelInfo)
+                m_pModelInfo->RemoveColRef();
+
+            // Transfer ownership from source
+            m_pModelInfo = other.m_pModelInfo;
+            m_bValid = other.m_bValid;
+            m_pColModel = other.m_pColModel;
+            m_pColData = other.m_pColData;
+
+            // Prevent double-release
+            other.m_pModelInfo = nullptr;
+            other.m_bValid = false;
+            other.m_pColModel = nullptr;
+            other.m_pColData = nullptr;
+        }
+        return *this;
+    }
+
+    // Check if collision is protected
+    [[nodiscard]] bool IsValid() const noexcept { return m_bValid; }
+
+     // Get collision data (check IsValid first)
+     // Returns cached pointer or nullptr
+    [[nodiscard]] CColDataSA* GetColData() const noexcept { return m_bValid ? m_pColData : nullptr; }
+
+     // Get collision model (check IsValid first)
+     // Returns cached pointer or nullptr
+    [[nodiscard]] CColModelSAInterface* GetColModel() const noexcept { return m_bValid ? m_pColModel : nullptr; }
+
+    explicit operator bool() const noexcept { return m_bValid; }
+
+private:
+    CModelInfoSA*          m_pModelInfo;
+    bool                   m_bValid;
+    CColModelSAInterface*  m_pColModel;            // Cached during construction
+    CColDataSA*            m_pColData;             // Cached during construction
+};

Client/game_sa/CColModelSA.cpp

@@ -17,31 +17,62 @@ CColModelSA::CColModelSA()
     m_pInterface = new CColModelSAInterface;
     DWORD dwThis = (DWORD)m_pInterface;
     DWORD dwFunc = FUNC_CColModel_Constructor;
-    _asm
+    
+    try
     {
-        mov     ecx, dwThis
-        call    dwFunc
+        _asm
+        {
+            mov     ecx, dwThis
+            call    dwFunc
+        }
+    }
+    catch (...)
+    {
+        // Clean up on constructor failure
+        delete m_pInterface;
+        m_pInterface = nullptr;
+        throw;
     }
+    
     m_bDestroyInterface = true;
+    m_bValid = true;
 }
 
 CColModelSA::CColModelSA(CColModelSAInterface* pInterface)
 {
     m_pInterface = pInterface;
     m_bDestroyInterface = false;
+    m_bValid = true;
 }
 
 CColModelSA::~CColModelSA()
 {
-    if (m_bDestroyInterface)
+    m_bValid = false;
+    
+    if (m_bDestroyInterface && m_pInterface)
     {
         DWORD dwThis = (DWORD)m_pInterface;
         DWORD dwFunc = FUNC_CColModel_Destructor;
-        _asm
+        
+        try
         {
-            mov     ecx, dwThis
-            call    dwFunc
+            _asm
+            {
+                mov     ecx, dwThis
+                call    dwFunc
+            }
+        }
+        catch (...)
+        {
+            // Ensure cleanup completes on exception
         }
+        
         delete m_pInterface;
+        m_pInterface = nullptr;
     }
 }
+
+void CColModelSA::Destroy()
+{
+    delete this;
+}

Client/game_sa/CColModelSA.h

@@ -65,6 +65,12 @@ struct CSphereSA
 {
     CVector m_center;
     float   m_radius;
+    
+    // Validate radius is finite and non-negative
+    bool IsValidRadius() const
+    {
+        return std::isfinite(m_radius) && m_radius >= 0.0f && m_radius < 1000000.0f;
+    }
 };
 static_assert(sizeof(CSphereSA) == 0x10, "Invalid size for CSphereSA");
 
@@ -101,6 +107,12 @@ struct CColSphereSA : CSphereSA
         CSphereSA{ sp }
     {
     }
+    
+    // Validate material enum is in valid range
+    bool IsValidMaterial() const
+    {
+        return static_cast<std::uint8_t>(m_material) < static_cast<std::uint8_t>(EColSurfaceValue::SIZE);
+    }
 };
 static_assert(sizeof(CColSphereSA) == 0x14, "Invalid size for CColSphereSA");
 
@@ -109,6 +121,20 @@ struct CColTriangleSA
     std::uint16_t m_indices[3];
     EColSurface   m_material;
     CColLighting  m_lighting;
+    
+    // Validate material enum is in valid range
+    bool IsValidMaterial() const
+    {
+        return static_cast<std::uint8_t>(m_material) < static_cast<std::uint8_t>(EColSurfaceValue::SIZE);
+    }
+    
+    // Validate indices are within vertex count bounds
+    bool IsValidIndices(std::uint16_t numVertices) const
+    {
+        return m_indices[0] < numVertices && 
+               m_indices[1] < numVertices && 
+               m_indices[2] < numVertices;
+    }
 };
 static_assert(sizeof(CColTriangleSA) == 0x8, "Invalid size for CColTriangleSA");
 
@@ -178,10 +204,12 @@ class CColModelSA : public CColModel
     CColModelSA(CColModelSAInterface* pInterface);
     ~CColModelSA();
 
-    CColModelSAInterface* GetInterface() override { return m_pInterface; }
-    void                  Destroy() override { delete this; }
+    CColModelSAInterface* GetInterface() override { return m_bValid ? m_pInterface : nullptr; }
+    void                  Destroy() override;
+    bool                  IsValid() const { return m_bValid; }
 
 private:
     CColModelSAInterface* m_pInterface;
     bool                  m_bDestroyInterface;
+    bool                  m_bValid;
 };

Client/game_sa/CCoronasSA.cpp

@@ -83,10 +83,22 @@ CRegisteredCorona* CCoronasSA::FindCorona(DWORD Identifier)
 
 RwTexture* CCoronasSA::GetTexture(CoronaType type)
 {
-    if ((DWORD)type < MAX_CORONA_TEXTURES)
-        return (RwTexture*)(*(DWORD*)(ARRAY_CORONA_TEXTURES + static_cast<DWORD>(type) * sizeof(DWORD)));
-    else
-        return NULL;
+    // Validate enum is within valid range
+    if (static_cast<DWORD>(type) >= MAX_CORONA_TEXTURES) [[unlikely]]
+        return nullptr;
+    
+    // Read texture pointer from array with validation
+    DWORD* pTextureArray = reinterpret_cast<DWORD*>(ARRAY_CORONA_TEXTURES);
+    if (!pTextureArray) [[unlikely]]
+        return nullptr;
+    
+    DWORD textureAddr = pTextureArray[static_cast<DWORD>(type)];
+    if (!textureAddr) [[unlikely]]
+        return nullptr;
+    
+    RwTexture* pTexture = reinterpret_cast<RwTexture*>(textureAddr);
+    
+    return pTexture;
 }
 
 void CCoronasSA::DisableSunAndMoon(bool bDisabled)

Client/game_sa/CEntitySA.h

@@ -237,6 +237,7 @@ class CEntitySA : public virtual CEntity
 
     CEntitySA();
     CEntitySAInterface* GetInterface() { return m_pInterface; };
+    CEntitySAInterface* GetInterface() const { return m_pInterface; };
     void                SetInterface(CEntitySAInterface* intInterface) { m_pInterface = intInterface; };
 
     bool IsPed() { return GetEntityType() == ENTITY_TYPE_PED; }

Client/game_sa/CFileLoaderSA.cpp

@@ -127,6 +127,14 @@ static void CVehicleModelInfo_StopUsingCommonVehicleTexDicationary()
 static auto          CModelInfo_ms_modelInfoPtrs = (CBaseModelInfoSAInterface**)ARRAY_ModelInfo;
 static unsigned int& gAtomicModelId = *reinterpret_cast<unsigned int*>(DWORD_AtomicsReplacerModelID);
 
+namespace
+{
+    bool RelatedModelInfoShim(RpAtomic* atomic, void* context)
+    {
+        return CFileLoader_SetRelatedModelInfoCB(atomic, static_cast<SRelatedModelInfo*>(context)) != nullptr;
+    }
+}
+
 bool CFileLoader_LoadAtomicFile(RwStream* stream, unsigned int modelId)
 {
     CBaseModelInfoSAInterface* pBaseModelInfo = CModelInfo_ms_modelInfoPtrs[modelId];
@@ -157,7 +165,7 @@ bool CFileLoader_LoadAtomicFile(RwStream* stream, unsigned int modelId)
         relatedModelInfo.pClump = pReadClump;
         relatedModelInfo.bDeleteOldRwObject = false;
 
-        RpClumpForAllAtomics(pReadClump, reinterpret_cast<RpClumpForAllAtomicsCB_t>(CFileLoader_SetRelatedModelInfoCB), &relatedModelInfo);
+        RpClumpForAllAtomics(pReadClump, RelatedModelInfoShim, &relatedModelInfo);
         RpClumpDestroy(pReadClump);
     }
 

Client/game_sa/CGameSA.cpp

@@ -47,6 +47,7 @@
 #include "CRopesSA.h"
 #include "CSettingsSA.h"
 #include "CStatsSA.h"
+#include "CStreamingGC.h"
 #include "CTaskManagementSystemSA.h"
 #include "CTasksSA.h"
 #include "CVisibilityPluginsSA.h"
@@ -277,6 +278,9 @@ CGameSA::CGameSA()
 
 CGameSA::~CGameSA()
 {
+    // Shutdown streaming GC hooks
+    CStreamingGC::Shutdown();
+
     delete reinterpret_cast<CPlayerInfoSA*>(m_pPlayerInfo);
 
     for (int i = 0; i < NUM_WeaponInfosTotal; i++)
@@ -493,10 +497,18 @@ void CGameSA::Initialize()
     SetupBrokenModels();
     m_pRenderWare->Initialize();
 
+    // Initialize streaming GC protection hooks
+    CStreamingGC::Initialize();
+
     // *Sebas* Hide the GTA:SA Main menu.
     MemPutFast<BYTE>(CLASS_CMenuManager + 0x5C, 0);
 }
 
+StreamingRemoveModelCallback CGameSA::GetStreamingRemoveModelCallback() const noexcept
+{
+    return &CStreamingGC::OnRemoveModel;
+}
+
 eGameVersion CGameSA::GetGameVersion()
 {
     return m_eGameVersion;

Client/game_sa/CGameSA.h

@@ -313,6 +313,8 @@ class CGameSA : public CGame
     void SetTaskSimpleBeHitHandler(TaskSimpleBeHitHandler* pTaskSimpleBeHitHandler) { m_pTaskSimpleBeHitHandler = pTaskSimpleBeHitHandler; }
     CAnimBlendClumpDataSAInterface** GetClumpData(RpClump* clump) { return RWPLUGINOFFSET(CAnimBlendClumpDataSAInterface*, clump, ClumpOffset); }
 
+    StreamingRemoveModelCallback GetStreamingRemoveModelCallback() const noexcept override;
+
     PreWeaponFireHandler*   m_pPreWeaponFireHandler;
     PostWeaponFireHandler*  m_pPostWeaponFireHandler;
     TaskSimpleBeHitHandler* m_pTaskSimpleBeHitHandler;