From 23d71340c9359842e673ed9f0298a0bd994d1438 Mon Sep 17 00:00:00 2001
From: David Markowitz <39972741+EmosewaMC@users.noreply.github.com>
Date: Sun, 22 Oct 2023 14:53:54 -0700
Subject: [PATCH] Scripts: Fix possible nullptr access (#1232)
unsure how to reproduce the actual bug, however we can see that with the following crash dump
```
Entity::GetComponent(eReplicaComponentType) const(+0x4) [0x56095665e634]
BossSpiderQueenEnemyServer::OnDie(Entity*, Entity*)(+0x28d) [0x560956795d0d]
Entity::Kill(Entity*)(+0xf8) [0x5609566637a8]
ZoneAgProperty::BaseTimerDone(Entity*, std::string const&)(+0x89b) [0x56095683736b]
Entity::Update(float)(+0x2b6) [0x560956662676]
EntityManager::UpdateEntities(float)(+0x2e) [0x56095667305e]
```
that the actual crash issue starts at
```
Entity::Kill(Entity*)(+0xf8) [0x5609566637a8]
ZoneAgProperty::BaseTimerDone(Entity*, std::string const&)
```
BaseTimerDone calls Kill, and there is only 1 call to Kill in the function which calls Kill no arguments, meaning the killer is a nullptr. This propogates its way to the BossSpiderQueenEnemyServer::OnDie wherein we blindly check the killer pointer without verifying that the pointer is actually valid. This patch simply checks that killer is valid before access to address the hole.
---
 dScripts/02_server/Enemy/AG/BossSpiderQueenEnemyServer.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dScripts/02_server/Enemy/AG/BossSpiderQueenEnemyServer.cpp b/dScripts/02_server/Enemy/AG/BossSpiderQueenEnemyServer.cpp
index 49359ed1..36923cad 100644
--- a/dScripts/02_server/Enemy/AG/BossSpiderQueenEnemyServer.cpp
+++ b/dScripts/02_server/Enemy/AG/BossSpiderQueenEnemyServer.cpp
@@ -52,7 +52,7 @@ void BossSpiderQueenEnemyServer::OnStartup(Entity* self) {
 }
 void BossSpiderQueenEnemyServer::OnDie(Entity* self, Entity* killer) {
- if (Game::zoneManager->GetZoneID().GetMapID() == instanceZoneID) {
+ if (Game::zoneManager->GetZoneID().GetMapID() == instanceZoneID && killer) {
 auto* missionComponent = killer->GetComponent();
 if (missionComponent == nullptr) return;