
[fixed] use after free in some lambdas 91/5391/3
authorVictor Popovici <theanswer@swgemu.com>
Fri, 17 Feb 2017 06:03:35 +0000 (07:03 +0100)
committerVictor Popovici <theanswer@swgemu.com>
Fri, 17 Feb 2017 06:25:47 +0000 (07:25 +0100)
Change-Id: Iaf77f5f207d603a39cdb1aaf3c40be50c121aa1c

MMOCoreORB/src/server/zone/objects/creature/damageovertime/DamageOverTime.cpp
MMOCoreORB/src/server/zone/objects/region/CityRegionImplementation.cpp
MMOCoreORB/src/server/zone/objects/tangible/terminal/components/OverrideTerminalMenuComponent.cpp
MMOCoreORB/src/server/zone/objects/tangible/terminal/components/PowerRegulatorMenuComponent.cpp
MMOCoreORB/src/server/zone/objects/tangible/terminal/components/SecurityTerminalMenuComponent.cpp

index 569ee7a..340d009 100644 (file)
@@ -186,8 +186,9 @@ uint32 DamageOverTime::doBleedingTick(CreatureObject* victim, CreatureObject* at
 
        Reference<CreatureObject*> attackerRef = attacker;
        Reference<CreatureObject*> victimRef = victim;
+       auto attribute = this->attribute;
 
-       Core::getTaskManager()->executeTask([=] () {
+       Core::getTaskManager()->executeTask([victimRef, attackerRef, attribute, damage] () {
                Locker locker(victimRef);
 
                Locker crossLocker(attackerRef, victimRef);
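Review bot: The new local `auto attribute = this->attribute;` shadows the member of the same name, and nothing in the hunk records why the copy exists. Going by the commit title, the task can outlive the DamageOverTime object, so a comment above the copy would help, for example `// Copy members by value: the queued task may run after this object is freed, so the lambda must not capture this.` That would keep a later cleanup from folding the list back into `[=]`. The same applies to the copies added in doFireTick, doPoisonTick, doDiseaseTick and doForceChokeTick. The lambda bodies continue outside the hunks, but with an explicit capture list and no `this`, any leftover member access fails to compile, which is the property worth preserving.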
@@ -225,8 +226,10 @@ uint32 DamageOverTime::doFireTick(CreatureObject* victim, CreatureObject* attack
 
        Reference<CreatureObject*> attackerRef = attacker;
        Reference<CreatureObject*> victimRef = victim;
+       auto attribute = this->attribute;
+       auto secondaryStrength = this->secondaryStrength;
 
-       Core::getTaskManager()->executeTask([=] () {
+       Core::getTaskManager()->executeTask([victimRef, attackerRef, attribute, woundsToApply, secondaryStrength, damage] () {
                Locker locker(victimRef);
 
                Locker crossLocker(attackerRef, victimRef);
@@ -269,8 +272,9 @@ uint32 DamageOverTime::doPoisonTick(CreatureObject* victim, CreatureObject* atta
 
        Reference<CreatureObject*> attackerRef = attacker;
        Reference<CreatureObject*> victimRef = victim;
+       auto attribute = this->attribute;
 
-       Core::getTaskManager()->executeTask([=] () {
+       Core::getTaskManager()->executeTask([victimRef, attackerRef, attribute, damage] () {
                Locker locker(victimRef);
 
                Locker crossLocker(attackerRef, victimRef);
@@ -301,8 +305,10 @@ uint32 DamageOverTime::doDiseaseTick(CreatureObject* victim, CreatureObject* att
 
        Reference<CreatureObject*> attackerRef = attacker;
        Reference<CreatureObject*> victimRef = victim;
+       auto attribute = this->attribute;
+       auto strength = this->strength;
 
-       Core::getTaskManager()->executeTask([=] () {
+       Core::getTaskManager()->executeTask([victimRef, attackerRef, attribute, damage, strength] () {
                Locker locker(victimRef);
                Locker crossLocker(attackerRef, victimRef);
 
@@ -333,8 +339,10 @@ uint32 DamageOverTime::doForceChokeTick(CreatureObject* victim, CreatureObject*
 
        Reference<CreatureObject*> attackerRef = attacker;
        Reference<CreatureObject*> victimRef = victim;
+       auto attribute = this->attribute;
+       auto strength = this->strength;
 
-       Core::getTaskManager()->executeTask([=] () {
+       Core::getTaskManager()->executeTask([victimRef, attackerRef, attribute, strength] () {
                Locker locker(victimRef);
 
                Locker crossLocker(attackerRef, victimRef);
index a139908..fe65b3f 100644 (file)
@@ -481,8 +481,10 @@ void CityRegionImplementation::createNavRegion(const String& queue, bool forceRe
        if (navRegion != NULL) {
                RecastNavMesh* mesh = getNavMesh();
                if (mesh == NULL || !mesh->isLoaded()) {
+                       Reference<CityRegion*> strongRef = _this.getReferenceUnsafeStaticCast();
+
                        Core::getTaskManager()->executeTask([=] {
-                               updateNavmesh(navRegion->getBoundingBox(), queue);
+                               strongRef->updateNavmesh(navRegion->getBoundingBox(), queue);
                        }, "cityregion_navmesh_update");
                        return;
                }
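Review bot: The lambda still uses `[=]`, so the hunk does not show whether `navRegion` is a local or a member read through the implicitly captured `this`. If it is a member, `navRegion != NULL` is checked when the task is scheduled, but `navRegion->getBoundingBox()` runs when the task executes, and the member could have been cleared or replaced in between. Taking a counted reference to the nav region before scheduling, capturing it by name and re-checking it inside the task would close that gap. Separately, if `_this.getReferenceUnsafeStaticCast()` can return null while the region is being torn down, `strongRef->updateNavmesh(...)` dereferences it; `if (strongRef == NULL) return;` before `executeTask` would cover that. createNavRegion starts and ends outside the hunk.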
index 0a60543..fc4387c 100644 (file)
@@ -88,12 +88,13 @@ int OverrideTerminalMenuComponent::handleObjectMenuSelect(SceneObject* sceneObje
        }
 
        player->sendSystemMessage("\"Retrieving new DNA sample...\"");
+       Reference<CreatureObject*> playerRef = player;
 
        Core::getTaskManager()->executeTask([=] () {
-               Locker locker(player);
-               Locker clocker(building, player);
+               Locker locker(playerRef);
+               Locker clocker(building, playerRef);
 
-               gcwMan->sendDNASampleMenu(player, building, overrideTerminal);
+               gcwMan->sendDNASampleMenu(playerRef, building, overrideTerminal);
        }, "SendDNASampleMenuLambda");
 
        return 0;
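Review bot: Only `player` gets a counted reference here; `building`, `gcwMan` and `overrideTerminal` are still captured through `[=]`, and their declarations are outside the hunk. If any of them is a raw pointer, the deferred task has the same lifetime problem this commit fixes for `player`. Writing the capture list out as `[playerRef, building, gcwMan, overrideTerminal]`, and holding each object in a `Reference<>` where it is not already, would make the ownership visible, as the DamageOverTime hunks do. The same question applies to `powerRegulator` in PowerRegulatorMenuComponent and `securityTerminal` in SecurityTerminalMenuComponent.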
index d4adf72..495081d 100644 (file)
@@ -85,11 +85,13 @@ int PowerRegulatorMenuComponent::handleObjectMenuSelect(SceneObject* sceneObject
                return 1;
        }
 
+       Reference<CreatureObject*> playerRef = player;
+
        Core::getTaskManager()->executeTask([=] () {
-               Locker locker(player);
-               Locker clocker(building, player);
+               Locker locker(playerRef);
+               Locker clocker(building, playerRef);
 
-               gcwMan->sendPowerRegulatorControls(player, building, powerRegulator);
+               gcwMan->sendPowerRegulatorControls(playerRef, building, powerRegulator);
        }, "SendPowerRegulatorControlsLambda");
 
        return 0;
index 7269a39..da776a4 100644 (file)
@@ -71,8 +71,10 @@ int SecurityTerminalMenuComponent::handleObjectMenuSelect(SceneObject* sceneObje
                return 1;
 
        if (gcwMan->isTerminalDamaged(securityTerminal)) {
+               Reference<CreatureObject*> playerRef = player;
+
                Core::getTaskManager()->executeTask([=] () {
-                       gcwMan->repairTerminal(player, securityTerminal);
+                       gcwMan->repairTerminal(playerRef, securityTerminal);
                }, "RepairTerminalLambda");
 
        } else {
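Review bot: Unlike the lambdas in OverrideTerminalMenuComponent and PowerRegulatorMenuComponent, this task calls `gcwMan->repairTerminal(playerRef, securityTerminal)` without first taking `Locker locker(playerRef);`. The body of repairTerminal is not shown, so it may take the locks itself; if it does not, the deferred task works on the player and terminal without the locking the sibling components use. Either add the lock pair from the other components or a comment such as `// repairTerminal locks player and terminal internally` so the difference reads as intentional. handleObjectMenuSelect continues outside the hunk.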