diff options
| author | jackpoz <giacomopoz@gmail.com> | 2013-12-14 16:40:04 +0100 |
|---|---|---|
| committer | jackpoz <giacomopoz@gmail.com> | 2013-12-14 16:51:47 +0100 |
| commit | e28cc4660b9ea67dc4614899f6ffc844bbefce8a (patch) | |
| tree | 63906663923741af4e03189fef68ad495192bfe5 | |
| parent | 9d9d1fb6c68137c9bab839a04a1f40d16114dd6e (diff) | |
Core/Movement: Fix invalid memory access
Fix the stack implementation used in MotionMaster and added few sanity checks to ensure no underflows will be made.
Valgrind log:
Invalid read of size 8
at : MotionMaster::top() const (MotionMaster.h:115)
by : MotionMaster::pop() (MotionMaster.h:91)
by : MotionMaster::~MotionMaster() (MotionMaster.cpp:74)
by : Unit::~Unit() (Unit.cpp:296)
by : Player::~Player() (Player.cpp:880)
by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:665)
by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:516)
| -rw-r--r-- | src/server/game/Movement/MotionMaster.cpp | 7 | ||||
| -rw-r--r-- | src/server/game/Movement/MotionMaster.h | 24 |
2 files changed, 25 insertions, 6 deletions
diff --git a/src/server/game/Movement/MotionMaster.cpp b/src/server/game/Movement/MotionMaster.cpp index 6da798aaa17..e75e9dea6a8 100644 --- a/src/server/game/Movement/MotionMaster.cpp +++ b/src/server/game/Movement/MotionMaster.cpp @@ -130,6 +130,9 @@ void MotionMaster::DirectClean(bool reset) if (curr) DirectDelete(curr); } + if (empty()) + return; + if (needInitTop()) InitTop(); else if (reset) @@ -156,7 +159,7 @@ void MotionMaster::DirectExpire(bool reset) DirectDelete(curr); } - while (!top()) + while (!empty() && !top()) --_top; if (empty()) @@ -176,7 +179,7 @@ void MotionMaster::DelayedExpire() DelayedDelete(curr); } - while (!top()) + while (!empty() && !top()) --_top; } diff --git a/src/server/game/Movement/MotionMaster.h b/src/server/game/Movement/MotionMaster.h index 156813f56fb..f7ec1d8c169 100644 --- a/src/server/game/Movement/MotionMaster.h +++ b/src/server/game/Movement/MotionMaster.h @@ -87,13 +87,21 @@ class MotionMaster //: private std::stack<MovementGenerator *> void pop() { + if (empty()) + return; + Impl[_top] = NULL; - while (!top()) + while (!empty() && !top()) --_top; } void push(_Ty _Val) { ++_top; Impl[_top] = _Val; } - bool needInitTop() const { return _needInit[_top]; } + bool needInitTop() const + { + if (empty()) + return false; + return _needInit[_top]; + } void InitTop(); public: @@ -112,8 +120,16 @@ class MotionMaster //: private std::stack<MovementGenerator *> bool empty() const { return (_top < 0); } int size() const { return _top + 1; } - _Ty top() const { return Impl[_top]; } - _Ty GetMotionSlot(int slot) const { return Impl[slot]; } + _Ty top() const + { + ASSERT(!empty()); + return Impl[_top]; + } + _Ty GetMotionSlot(int slot) const + { + ASSERT(slot >= 0); + return Impl[slot]; + } void DirectDelete(_Ty curr); void DelayedDelete(_Ty curr); |