aboutsummaryrefslogtreecommitdiff
path: root/src/server
diff options
context:
space:
mode:
authorShauren <shauren.trinity@gmail.com>2023-08-23 11:03:52 +0200
committerShauren <shauren.trinity@gmail.com>2023-08-23 11:03:52 +0200
commit3e3968b63c4192b766de69c8f4744adba406c94b (patch)
tree5d272c75992f074de566a1ec541e0e22ec6aa016 /src/server
parent0a0b420d866f070d4b1208bb3c4451398797c6ef (diff)
Core/Units: Fixed possible use after free in ThreatManager
Closes #28830
Diffstat (limited to 'src/server')
-rw-r--r--src/server/game/Combat/ThreatManager.cpp10
-rw-r--r--src/server/game/Combat/ThreatManager.h4
2 files changed, 8 insertions, 6 deletions
diff --git a/src/server/game/Combat/ThreatManager.cpp b/src/server/game/Combat/ThreatManager.cpp
index 1c18292a295..e85ebd5dac2 100644
--- a/src/server/game/Combat/ThreatManager.cpp
+++ b/src/server/game/Combat/ThreatManager.cpp
@@ -20,6 +20,7 @@
#include "CombatPackets.h"
#include "CreatureAI.h"
#include "CreatureGroups.h"
+#include "MapUtils.h"
#include "MotionMaster.h"
#include "ObjectAccessor.h"
#include "Player.h"
@@ -78,7 +79,7 @@ void ThreatReference::UpdateOffline()
{
_online = ShouldBeSuppressed() ? ONLINE_STATE_SUPPRESSED : ONLINE_STATE_ONLINE;
HeapNotifyIncreased();
- _mgr.RegisterForAIUpdate(this);
+ _mgr.RegisterForAIUpdate(GetVictim()->GetGUID());
}
}
@@ -644,11 +645,12 @@ ThreatReference const* ThreatManager::ReselectVictim()
void ThreatManager::ProcessAIUpdates()
{
CreatureAI* ai = ASSERT_NOTNULL(_owner->ToCreature())->AI();
- std::vector<ThreatReference const*> v(std::move(_needsAIUpdate)); // _needsAIUpdate is now empty in case this triggers a recursive call
+ std::vector<ObjectGuid> v(std::move(_needsAIUpdate)); // _needsAIUpdate is now empty in case this triggers a recursive call
if (!ai)
return;
- for (ThreatReference const* ref : v)
- ai->JustStartedThreateningMe(ref->GetVictim());
+ for (ObjectGuid const& guid : v)
+ if (ThreatReference const* ref = Trinity::Containers::MapGetValuePtr(_myThreatListEntries, guid))
+ ai->JustStartedThreateningMe(ref->GetVictim());
}
// returns true if a is LOWER on the threat list than b
diff --git a/src/server/game/Combat/ThreatManager.h b/src/server/game/Combat/ThreatManager.h
index 8cc792b0c1f..b78a2e59b37 100644
--- a/src/server/game/Combat/ThreatManager.h
+++ b/src/server/game/Combat/ThreatManager.h
@@ -204,8 +204,8 @@ class TC_GAME_API ThreatManager
// AI notifies are delayed to ensure we are in a consistent state before we call out to arbitrary logic
// threat references might register themselves here when ::UpdateOffline() is called - MAKE SURE THIS IS PROCESSED JUST BEFORE YOU EXIT THREATMANAGER LOGIC
void ProcessAIUpdates();
- void RegisterForAIUpdate(ThreatReference const* ref) { _needsAIUpdate.push_back(ref); }
- std::vector<ThreatReference const*> _needsAIUpdate;
+ void RegisterForAIUpdate(ObjectGuid const& guid) { _needsAIUpdate.push_back(guid); }
+ std::vector<ObjectGuid> _needsAIUpdate;
// picks a new victim - called from ::Update periodically
void UpdateVictim();