aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorShauren <shauren.trinity@gmail.com>2023-08-23 11:03:52 +0200
committerShauren <shauren.trinity@gmail.com>2023-08-23 11:04:14 +0200
commit6a304a82b11d0be767dd9c5ef9e207df9f7f7173 (patch)
treeeb319221ba6e22ba66a63e96f7133d094c7e4343
parent8d43d2bafc2e2c42e51c82d0526f2c9c0fd79f53 (diff)
Core/Units: Fixed possible use after free in ThreatManager
Closes #28830 (cherry picked from commit 3e3968b63c4192b766de69c8f4744adba406c94b)
Diffstat
-rw-r--r--src/server/game/Combat/ThreatManager.cpp10
-rw-r--r--src/server/game/Combat/ThreatManager.h4
2 files changed, 8 insertions, 6 deletions
diff --git a/src/server/game/Combat/ThreatManager.cpp b/src/server/game/Combat/ThreatManager.cpp
index bf859907bec..1789341bac0 100644
--- a/src/server/game/Combat/ThreatManager.cpp
+++ b/src/server/game/Combat/ThreatManager.cpp
@@ -19,6 +19,7 @@
#include "Creature.h"
#include "CreatureAI.h"
#include "CreatureGroups.h"
+#include "MapUtils.h"
#include "MotionMaster.h"
#include "Player.h"
#include "TemporarySummon.h"
@@ -83,7 +84,7 @@ void ThreatReference::UpdateOffline()
{
_online = ShouldBeSuppressed() ? ONLINE_STATE_SUPPRESSED : ONLINE_STATE_ONLINE;
HeapNotifyIncreased();
- _mgr.RegisterForAIUpdate(this);
+ _mgr.RegisterForAIUpdate(GetVictim()->GetGUID());
}
}
@@ -656,11 +657,12 @@ ThreatReference const* ThreatManager::ReselectVictim()
void ThreatManager::ProcessAIUpdates()
{
CreatureAI* ai = ASSERT_NOTNULL(_owner->ToCreature())->AI();
- std::vector<ThreatReference const*> v(std::move(_needsAIUpdate)); // _needsAIUpdate is now empty in case this triggers a recursive call
+ std::vector<ObjectGuid> v(std::move(_needsAIUpdate)); // _needsAIUpdate is now empty in case this triggers a recursive call
if (!ai)
return;
- for (ThreatReference const* ref : v)
- ai->JustStartedThreateningMe(ref->GetVictim());
+ for (ObjectGuid const& guid : v)
+ if (ThreatReference const* ref = Trinity::Containers::MapGetValuePtr(_myThreatListEntries, guid))
+ ai->JustStartedThreateningMe(ref->GetVictim());
}
// returns true if a is LOWER on the threat list than b
diff --git a/src/server/game/Combat/ThreatManager.h b/src/server/game/Combat/ThreatManager.h
index 8cc792b0c1f..b78a2e59b37 100644
--- a/src/server/game/Combat/ThreatManager.h
+++ b/src/server/game/Combat/ThreatManager.h
@@ -204,8 +204,8 @@ class TC_GAME_API ThreatManager
// AI notifies are delayed to ensure we are in a consistent state before we call out to arbitrary logic
// threat references might register themselves here when ::UpdateOffline() is called - MAKE SURE THIS IS PROCESSED JUST BEFORE YOU EXIT THREATMANAGER LOGIC
void ProcessAIUpdates();
- void RegisterForAIUpdate(ThreatReference const* ref) { _needsAIUpdate.push_back(ref); }
- std::vector<ThreatReference const*> _needsAIUpdate;
+ void RegisterForAIUpdate(ObjectGuid const& guid) { _needsAIUpdate.push_back(guid); }
+ std::vector<ObjectGuid> _needsAIUpdate;
// picks a new victim - called from ::Update periodically
void UpdateVictim();