From 444ec1e4128e68523f1bbf51aa03e8bf2006156c Mon Sep 17 00:00:00 2001 From: rubenwardy Date: Tue, 12 Mar 2019 07:56:56 +0000 Subject: [PATCH] HPChange Reason: Fix push after free, and type being overwritten (#8359) * HPChange Reason: Fix push after free, and type being overwritten Fixes #8227 and #8344 --- src/content_sao.h | 5 +++++ src/script/cpp_api/s_base.cpp | 14 +++++++++----- src/script/lua_api/l_object.cpp | 3 +++ 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/src/content_sao.h b/src/content_sao.h index 14f959e30..f54bc16c2 100644 --- a/src/content_sao.h +++ b/src/content_sao.h @@ -405,6 +405,11 @@ struct PlayerHPChangeReason { bool from_mod = false; int lua_reference = -1; + inline bool hasLuaReference() const + { + return lua_reference >= 0; + } + bool setTypeFromString(const std::string &typestr) { if (typestr == "set_hp") diff --git a/src/script/cpp_api/s_base.cpp b/src/script/cpp_api/s_base.cpp index bf89f748c..a8ed902dd 100644 --- a/src/script/cpp_api/s_base.cpp +++ b/src/script/cpp_api/s_base.cpp @@ -384,14 +384,18 @@ void ScriptApiBase::objectrefGetOrCreate(lua_State *L, void ScriptApiBase::pushPlayerHPChangeReason(lua_State *L, const PlayerHPChangeReason &reason) { - if (reason.lua_reference >= 0) { + if (reason.hasLuaReference()) lua_rawgeti(L, LUA_REGISTRYINDEX, reason.lua_reference); - luaL_unref(L, LUA_REGISTRYINDEX, reason.lua_reference); - } else + else lua_newtable(L); - lua_pushstring(L, reason.getTypeAsString().c_str()); - lua_setfield(L, -2, "type"); + lua_getfield(L, -1, "type"); + bool has_type = (bool)lua_isstring(L, -1); + lua_pop(L, 1); + if (!has_type) { + lua_pushstring(L, reason.getTypeAsString().c_str()); + lua_setfield(L, -2, "type"); + } lua_pushstring(L, reason.from_mod ? "mod" : "engine"); lua_setfield(L, -2, "from"); diff --git a/src/script/lua_api/l_object.cpp b/src/script/lua_api/l_object.cpp index 9edb2f4f8..b3ed39c7c 100644 --- a/src/script/lua_api/l_object.cpp +++ b/src/script/lua_api/l_object.cpp @@ -257,6 +257,9 @@ int ObjectRef::l_set_hp(lua_State *L) if (co->getType() == ACTIVEOBJECT_TYPE_PLAYER) getServer(L)->SendPlayerHPOrDie((PlayerSAO *)co, reason); + if (reason.hasLuaReference()) + luaL_unref(L, LUA_REGISTRYINDEX, reason.lua_reference); + // Return return 0; }