Mirror/TrinityCore
1
0
Fork 0
mirror of https://github.com/TrinityCore/TrinityCore.git synced 2026-01-19 08:55:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Core/Movement: Fix invalid memory access

Browse Source 
Fix the stack implementation used in MotionMaster and added few sanity checks to ensure no underflows will be made.

Valgrind log:
 Invalid read of size 8
  at : MotionMaster::top() const (MotionMaster.h:115)
  by : MotionMaster::pop() (MotionMaster.h:91)
  by : MotionMaster::~MotionMaster() (MotionMaster.cpp:74)
  by : Unit::~Unit() (Unit.cpp:296)
  by : Player::~Player() (Player.cpp:880)
  by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:665)
  by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:516)
This commit is contained in:
jackpoz
2013-12-14 16:40:04 +01:00
parent 9d9d1fb6c6
commit e28cc4660b
2 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/server/game/Movement/MotionMaster.cpp
View File

@@ -130,6 +130,9 @@ void MotionMaster::DirectClean(bool reset)
if (curr) DirectDelete(curr);
}
if (empty())
return;
if (needInitTop())
InitTop();
else if (reset)
@@ -156,7 +159,7 @@ void MotionMaster::DirectExpire(bool reset)
DirectDelete(curr);
}
while (!top())
while (!empty() && !top())
--_top;
if (empty())
@@ -176,7 +179,7 @@ void MotionMaster::DelayedExpire()
DelayedDelete(curr);
}
while (!top())
while (!empty() && !top())
--_top;
}