diff options
| author | jackpoz <giacomopoz@gmail.com> | 2013-12-14 16:40:04 +0100 |
|---|---|---|
| committer | jackpoz <giacomopoz@gmail.com> | 2013-12-14 16:51:47 +0100 |
| commit | e28cc4660b9ea67dc4614899f6ffc844bbefce8a (patch) | |
| tree | 63906663923741af4e03189fef68ad495192bfe5 /src/server/game/Movement/MotionMaster.h | |
| parent | 9d9d1fb6c68137c9bab839a04a1f40d16114dd6e (diff) | |
Core/Movement: Fix invalid memory access
Fix the stack implementation used in MotionMaster and added few sanity checks to ensure no underflows will be made.
Valgrind log:
Invalid read of size 8
at : MotionMaster::top() const (MotionMaster.h:115)
by : MotionMaster::pop() (MotionMaster.h:91)
by : MotionMaster::~MotionMaster() (MotionMaster.cpp:74)
by : Unit::~Unit() (Unit.cpp:296)
by : Player::~Player() (Player.cpp:880)
by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:665)
by : WorldSession::HandleCharCreateCallback(Trinity::AutoPtr<PreparedResultSet, ACE_Thread_Mutex>, CharacterCreateInfo*) (CharacterHandler.cpp:516)
Diffstat (limited to 'src/server/game/Movement/MotionMaster.h')
| -rw-r--r-- | src/server/game/Movement/MotionMaster.h | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/server/game/Movement/MotionMaster.h b/src/server/game/Movement/MotionMaster.h index 156813f56fb..f7ec1d8c169 100644 --- a/src/server/game/Movement/MotionMaster.h +++ b/src/server/game/Movement/MotionMaster.h @@ -87,13 +87,21 @@ class MotionMaster //: private std::stack<MovementGenerator *> void pop() { + if (empty()) + return; + Impl[_top] = NULL; - while (!top()) + while (!empty() && !top()) --_top; } void push(_Ty _Val) { ++_top; Impl[_top] = _Val; } - bool needInitTop() const { return _needInit[_top]; } + bool needInitTop() const + { + if (empty()) + return false; + return _needInit[_top]; + } void InitTop(); public: @@ -112,8 +120,16 @@ class MotionMaster //: private std::stack<MovementGenerator *> bool empty() const { return (_top < 0); } int size() const { return _top + 1; } - _Ty top() const { return Impl[_top]; } - _Ty GetMotionSlot(int slot) const { return Impl[slot]; } + _Ty top() const + { + ASSERT(!empty()); + return Impl[_top]; + } + _Ty GetMotionSlot(int slot) const + { + ASSERT(slot >= 0); + return Impl[slot]; + } void DirectDelete(_Ty curr); void DelayedDelete(_Ty curr); |