aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorShauren <shauren.trinity@gmail.com>2013-10-01 22:06:39 +0200
committerShauren <shauren.trinity@gmail.com>2013-10-01 22:06:39 +0200
commit770f69d4e69b03e7ef19b550b6747bdbc86db04a (patch)
treed389b67157e8ba3acc84917ac83ae47ee3c4b1bb /src
parent8aa92ea2525c578b81c41cae1f714c4471cabeb9 (diff)
Core/Vehicles: Fixed calling Vehicle::Uninstall on freed memory
Valgrind log: ==7723== Invalid read of size 8 ==7723== at 0x10753CE: Vehicle::GetBase() const (Vehicle.h:51) ==7723== by 0x1072449: Vehicle::Uninstall() (Vehicle.cpp:159) ==7723== by 0x10B1E3C: Unit::RemoveVehicleKit() (Unit.cpp:15946) ==7723== by 0x10A8F32: Unit::RemoveFromWorld() (Unit.cpp:13441) ==7723== by 0x11A4703: Creature::RemoveFromWorld() (Creature.cpp:203) ==7723== by 0x11B9AB7: TempSummon::RemoveFromWorld() (TemporarySummon.cpp:279) ==7723== by 0x11B9C6C: Minion::RemoveFromWorld() (TemporarySummon.cpp:308) ==7723== by 0x10A917C: Unit::CleanupBeforeRemoveFromMap(bool) (Unit.cpp:13482) ==7723== by 0x10A926C: Unit::CleanupsBeforeDelete(bool) (Unit.cpp:13504) ==7723== by 0x12DBB89: Map::AddObjectToRemoveList(WorldObject*) (Map.cpp:2108) ==7723== by 0x10F4556: WorldObject::AddObjectToRemoveList() (Object.cpp:2140) ==7723== by 0x11B99C5: TempSummon::UnSummon(unsigned int) (TemporarySummon.cpp:256) ==7723== Address 0x3bd20530 is 64 bytes inside a block of size 168 free'd ==7723== at 0x4C2B59C: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7723== by 0x1071FD3: Vehicle::~Vehicle() (Vehicle.cpp:66) ==7723== by 0x10B1E71: Unit::RemoveVehicleKit() (Unit.cpp:15947) ==7723== by 0x10A8F32: Unit::RemoveFromWorld() (Unit.cpp:13441) ==7723== by 0x11A4703: Creature::RemoveFromWorld() (Creature.cpp:203) ==7723== by 0x11B9AB7: TempSummon::RemoveFromWorld() (TemporarySummon.cpp:279) ==7723== by 0x11B9C6C: Minion::RemoveFromWorld() (TemporarySummon.cpp:308) ==7723== by 0x10A917C: Unit::CleanupBeforeRemoveFromMap(bool) (Unit.cpp:13482) ==7723== by 0x10A926C: Unit::CleanupsBeforeDelete(bool) (Unit.cpp:13504) ==7723== by 0x12DBB89: Map::AddObjectToRemoveList(WorldObject*) (Map.cpp:2108) ==7723== by 0x10F4556: WorldObject::AddObjectToRemoveList() (Object.cpp:2140) ==7723== by 0x11B99C5: TempSummon::UnSummon(unsigned int) (TemporarySummon.cpp:256)
Diffstat (limited to 'src')
-rw-r--r--src/server/game/Entities/Unit/Unit.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/server/game/Entities/Unit/Unit.cpp b/src/server/game/Entities/Unit/Unit.cpp
index c34768c9851..7dccb471eae 100644
--- a/src/server/game/Entities/Unit/Unit.cpp
+++ b/src/server/game/Entities/Unit/Unit.cpp
@@ -15943,11 +15943,12 @@ void Unit::RemoveVehicleKit()
if (!m_vehicleKit)
return;
- m_vehicleKit->Uninstall();
- delete m_vehicleKit;
-
+ Vehicle* vehicle = m_vehicleKit;
m_vehicleKit = NULL;
+ vehicle->Uninstall();
+ delete vehicle;
+
m_updateFlag &= ~UPDATEFLAG_VEHICLE;
m_unitTypeMask &= ~UNIT_MASK_VEHICLE;
RemoveFlag(UNIT_NPC_FLAGS, UNIT_NPC_FLAG_SPELLCLICK);