Core/Movement: Fix invalid memory access

Fix the stack implementation used in MotionMaster and added few sanity checks to ensure no underflows will be made.

Valgrind log:
 Invalid read of size 8
  at : MotionMaster::top() const (MotionMaster.h:115)
  by : MotionMaster::pop() (MotionMaster.h:91)
  by : MotionMaster::~MotionMaster() (MotionMaster.cpp:74)
  by : Unit::~Unit() (Unit.cpp:296)
  by : Player::~Player() (Player.cpp:880)
  by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:665)
  by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:516)

1 files changed, 5 insertions, 2 deletions

diff --git a/src/server/game/Movement/MotionMaster.cpp b/src/server/game/Movement/MotionMaster.cpp
index 6da798aaa17..e75e9dea6a8 100644
--- a/src/server/game/Movement/MotionMaster.cpp
+++ b/src/server/game/Movement/MotionMaster.cpp
@@ -130,6 +130,9 @@ void MotionMaster::DirectClean(bool reset)
         if (curr) DirectDelete(curr);
     }
 
+    if (empty())
+        return;
+
     if (needInitTop())
         InitTop();
     else if (reset)
@@ -156,7 +159,7 @@ void MotionMaster::DirectExpire(bool reset)
         DirectDelete(curr);
     }
 
-    while (!top())
+    while (!empty() && !top())
         --_top;
 
     if (empty())
@@ -176,7 +179,7 @@ void MotionMaster::DelayedExpire()
         DelayedDelete(curr);
     }
 
-    while (!top())
+    while (!empty() && !top())
         --_top;
 }