diff options
| author | Shauren <shauren.trinity@gmail.com> | 2013-10-27 23:05:31 +0100 |
|---|---|---|
| committer | Shauren <shauren.trinity@gmail.com> | 2013-10-27 23:05:31 +0100 |
| commit | cf72f7cc5cf13607dd7353b8d940d56679b6956b (patch) | |
| tree | 549832a7aeb17276ab3030d32a0034c754554ac6 | |
| parent | 29570076d5b575814368d6aa3f7c53b675aa1752 (diff) | |
Core/Vehicles: Fixed a crash caused by accessing freed memory
Valgrind log:
==1357== Invalid read of size 8
==1357== at 0x108339C: std::_Rb_tree<signed char, std::pair<signed char const, VehicleSeat>, std::_Select1st<std::pair<signed char const, VehicleSeat> >, std::less<signed char>, std::allocator<std::pair<signed char const, VehicleSeat> > >::begin() (stl_tree.h:685)
==1357== by 0x1082B23: std::map<signed char, VehicleSeat, std::less<signed char>, std::allocator<std::pair<signed char const, VehicleSeat> > >::begin() (stl_map.h:321)
==1357== by 0x1567152: VehicleAI::CheckConditions(unsigned int) (CombatAI.cpp:330)
==1357== by 0x1566EE5: VehicleAI::UpdateAI(unsigned int) (CombatAI.cpp:285)
==1357== by 0x11A8FB3: Creature::Update(unsigned int) (Creature.cpp:543)
==1357== by 0x11BC1A2: TempSummon::Update(unsigned int) (TemporarySummon.cpp:47)
==1357== by 0x12E8194: Trinity::ObjectUpdater::Visit(GridRefManager<Creature>&) (GridNotifiersImpl.h:45)
==1357== by 0x12F31BD: void VisitorHelper<Trinity::ObjectUpdater, Creature>(Trinity::ObjectUpdater&, ContainerMapList<Creature>&) (TypeContainerVisitor.h:64)
==1357== by 0x12F2CCB: void VisitorHelper<Trinity::ObjectUpdater, Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > >(Trinity::ObjectUpdater&, ContainerMapList<TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > >&) (TypeContainerVisitor.h:70)
==1357== by 0x12F251F: void VisitorHelper<Trinity::ObjectUpdater, GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > >(Trinity::ObjectUpdater&, ContainerMapList<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >&) (TypeContainerVisitor.h:71)
==1357== by 0x12F1BA5: void VisitorHelper<Trinity::ObjectUpdater, TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >(Trinity::ObjectUpdater&, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >&) (TypeContainerVisitor.h:94)
==1357== by 0x12F0DDD: TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >::Visit(TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >&) (TypeContainerVisitor.h:105)
==1357== by 0x12EF5A0: void Grid<Player, TypeList<Player, TypeList<Creature, TypeList<Corpse, TypeList<DynamicObject, TypeNull> > > >, TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >::Visit<Trinity::ObjectUpdater>(TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >&) (Grid.h:91)
==1357== by 0x12ED766: void NGrid<8u, Player, TypeList<Player, TypeList<Creature, TypeList<Corpse, TypeList<DynamicObject, TypeNull> > > >, TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >::VisitGrid<Trinity::ObjectUpdater, TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > >(unsigned int, unsigned int, TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >&) (NGrid.h:157)
==1357== by 0x12EA2D3: void Map::Visit<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >(Cell const&, TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >&) (Map.h:701)
==1357== by 0x12DCD84: Map::VisitNearbyCellsOf(WorldObject*, TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<GameObject, TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > > > >&, TypeContainerVisitor<Trinity::ObjectUpdater, TypeMapContainer<TypeList<Player, TypeList<Creature, TypeList<Corpse, TypeList<DynamicObject, TypeNull> > > > > >&) (Map.cpp:604)
==1357== by 0x12DD045: Map::Update(unsigned int) (Map.cpp:646)
==1357== by 0x1520E03: MapUpdateRequest::call() (MapUpdater.cpp:54)
==1357== by 0x1596958: DelayExecutor::svc() (DelayExecutor.cpp:52)
==1357== by 0x5184E56: ACE_Task_Base::svc_run(void*) (in /usr/lib/libACE-6.0.3.so)
==1357== Address 0x2a849600 is 32 bytes inside a block of size 168 free'd
==1357== at 0x4C2BADC: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1357== by 0x107F309: Vehicle::~Vehicle() (Vehicle.cpp:66)
==1357== by 0x10BE0D2: Unit::RemoveVehicleKit() (Unit.cpp:15949)
==1357== by 0x10B52CA: Unit::RemoveFromWorld() (Unit.cpp:13440)
==1357== by 0x11A7D73: Creature::RemoveFromWorld() (Creature.cpp:204)
==1357== by 0x11BCBAA: TempSummon::RemoveFromWorld() (TemporarySummon.cpp:279)
==1357== by 0x11BCD5E: Minion::RemoveFromWorld() (TemporarySummon.cpp:308)
==1357== by 0x10B5514: Unit::CleanupBeforeRemoveFromMap(bool) (Unit.cpp:13481)
==1357== by 0x10B5605: Unit::CleanupsBeforeDelete(bool) (Unit.cpp:13503)
==1357== by 0x12E3B67: Map::AddObjectToRemoveList(WorldObject*) (Map.cpp:2401)
==1357== by 0x10FCAAC: WorldObject::AddObjectToRemoveList() (Object.cpp:2138)
==1357== by 0x11BCABA: TempSummon::UnSummon(unsigned int) (TemporarySummon.cpp:256)
==1357== by 0x11BCAFA: ForcedUnsummonDelayEvent::Execute(unsigned long, unsigned int) (TemporarySummon.cpp:261)
==1357== by 0x159B665: EventProcessor::Update(unsigned int) (EventProcessor.cpp:47)
==1357== by 0x10858E2: Unit::Update(unsigned int) (Unit.cpp:318)
==1357== by 0x11A8E6C: Creature::Update(unsigned int) (Creature.cpp:519)
==1357== by 0x11BC1A2: TempSummon::Update(unsigned int) (TemporarySummon.cpp:47)
==1357== by 0x12E8194: Trinity::ObjectUpdater::Visit(GridRefManager<Creature>&) (GridNotifiersImpl.h:45)
==1357== by 0x12F31BD: void VisitorHelper<Trinity::ObjectUpdater, Creature>(Trinity::ObjectUpdater&, ContainerMapList<Creature>&) (TypeContainerVisitor.h:64)
==1357== by 0x12F2CCB: void VisitorHelper<Trinity::ObjectUpdater, Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > >(Trinity::ObjectUpdater&, ContainerMapList<TypeList<Creature, TypeList<DynamicObject, TypeList<Corpse, TypeNull> > > >&) (TypeContainerVisitor
| -rw-r--r-- | src/server/game/AI/CoreAI/CombatAI.cpp | 15 | ||||
| -rw-r--r-- | src/server/game/AI/CoreAI/CombatAI.h | 1 |
2 files changed, 10 insertions, 6 deletions
diff --git a/src/server/game/AI/CoreAI/CombatAI.cpp b/src/server/game/AI/CoreAI/CombatAI.cpp index 85088bbeff4..e08bd65c091 100644 --- a/src/server/game/AI/CoreAI/CombatAI.cpp +++ b/src/server/game/AI/CoreAI/CombatAI.cpp @@ -272,7 +272,7 @@ void TurretAI::UpdateAI(uint32 /*diff*/) //VehicleAI ////////////// -VehicleAI::VehicleAI(Creature* c) : CreatureAI(c), m_vehicle(c->GetVehicleKit()), m_IsVehicleInUse(false), m_ConditionsTimer(VEHICLE_CONDITION_CHECK_TIME) +VehicleAI::VehicleAI(Creature* c) : CreatureAI(c), m_IsVehicleInUse(false), m_ConditionsTimer(VEHICLE_CONDITION_CHECK_TIME) { LoadConditions(); m_DoDismiss = false; @@ -291,7 +291,9 @@ void VehicleAI::UpdateAI(uint32 diff) m_DoDismiss = false; me->SetVisible(false); me->DespawnOrUnsummon(); - }else m_DismissTimer -= diff; + } + else + m_DismissTimer -= diff; } } @@ -310,6 +312,7 @@ void VehicleAI::OnCharmed(bool apply) } else if (apply) m_DoDismiss = false;//in use again + m_DismissTimer = VEHICLE_DISMISS_TIME;//reset timer m_IsVehicleInUse = apply; } @@ -327,8 +330,8 @@ void VehicleAI::CheckConditions(const uint32 diff) { if (!conditions.empty()) { - for (SeatMap::iterator itr = m_vehicle->Seats.begin(); itr != m_vehicle->Seats.end(); ++itr) - if (Unit* passenger = ObjectAccessor::GetUnit(*m_vehicle->GetBase(), itr->second.Passenger.Guid)) + for (SeatMap::iterator itr = me->GetVehicleKit()->Seats.begin(); itr != me->GetVehicleKit()->Seats.end(); ++itr) + if (Unit* passenger = ObjectAccessor::GetUnit(*me, itr->second.Passenger.Guid)) { if (Player* player = passenger->ToPlayer()) { @@ -341,5 +344,7 @@ void VehicleAI::CheckConditions(const uint32 diff) } } m_ConditionsTimer = VEHICLE_CONDITION_CHECK_TIME; - } else m_ConditionsTimer -= diff; + } + else + m_ConditionsTimer -= diff; } diff --git a/src/server/game/AI/CoreAI/CombatAI.h b/src/server/game/AI/CoreAI/CombatAI.h index 315ff861da9..11dfe7baed4 100644 --- a/src/server/game/AI/CoreAI/CombatAI.h +++ b/src/server/game/AI/CoreAI/CombatAI.h @@ -105,7 +105,6 @@ struct VehicleAI : public CreatureAI void OnCharmed(bool apply); private: - Vehicle* m_vehicle; bool m_IsVehicleInUse; void LoadConditions(); void CheckConditions(const uint32 diff); |