From ee832956a3a2eb4ce9f1fba6981f095a7396a76d Mon Sep 17 00:00:00 2001
From: Copilot <223556219+Copilot@users.noreply.github.com>
Date: Sun, 31 May 2026 19:50:04 -0700
Subject: [PATCH] Guard item.original write in HookingSystem::Detach

HookingSystem::Attach already treats aOriginal as optional and only writes to it when it is non-null. The v1 entry point in Funcs.cpp also lets plugins pass nullptr for the original-out pointer (only aTarget and aDetour are required). HookingSystem::Detach, however, unconditionally executed: *item.original = nullptr; after a successful detach, so any plugin that registered a hook without asking for the original trampoline would crash the game process the moment it removed that hook. Mirror Attach's check by only writing through item.original when it is non-null. Shutdown is not affected because it uses QueueForDetach + m_hooks.clear() and never writes through item.original.
Fixes #136
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 src/dll/Systems/HookingSystem.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/dll/Systems/HookingSystem.cpp b/src/dll/Systems/HookingSystem.cpp
index fd09ed60..98b4b713 100644
--- a/src/dll/Systems/HookingSystem.cpp
+++ b/src/dll/Systems/HookingSystem.cpp
@@ -118,7 +118,10 @@ bool HookingSystem::Detach(std::shared_ptr aPlugin, void* aTarget)
 auto& item = it->second;
 if (item.target == aTarget)
 {
- *item.original = nullptr;
+ if (item.original)
+ {
+ *item.original = nullptr;
+ }
 it = m_hooks.erase(it);
 }
 else
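Review bot: Nothing at the new `if (item.original)` guard in HookingSystem::Detach says why the pointer may be null or who owns the storage behind it, so a later cleanup could easily reintroduce the unconditional store. I would put a comment directly above the guard, for example `// aOriginal is optional at Attach (plugins may pass nullptr); clear it only when one was provided.` Going by the commit message, item.original is an out-pointer supplied by the plugin, so the guarded line still writes into plugin-owned memory at detach time. A null check cannot catch storage that has gone away before Detach runs, so the requirement that it outlive the hook should be stated where Attach documents aOriginal (not visible here). The enclosing loop and the detach call itself start outside this hunk.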