mirrors
/
OpenTTD
mirror of https://github.com/OpenTTD/OpenTTD.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix #7820: Heap use after free when removing oil rig

This commit is contained in:
Jonathan G Rennison 2019-11-02 21:11:46 +00:00 committed by Michael Lutz
parent 460f73cd2d
commit 2be619ea88
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/industry_cmd.cpp
View File

@ -146,6 +146,8 @@ Industry::~Industry()
* Also we must not decrement industry counts in that case. */
if (this->location.w == 0) return;
const bool has_neutral_station = this->neutral_station != nullptr;
TILE_AREA_LOOP(tile_cur, this->location) {
if (IsTileType(tile_cur, MP_INDUSTRY)) {
if (GetIndustryIndex(tile_cur) == this->index) {
@ -159,7 +161,7 @@ Industry::~Industry()
}
}
if (this->neutral_station != nullptr) {
if (has_neutral_station) {
/* Remove possible docking tiles */
TILE_AREA_LOOP(tile_cur, this->location) {
ClearDockingTilesCheckingNeighbours(tile_cur);

4
src/station_cmd.cpp
View File

@ -4172,6 +4172,10 @@ void DeleteOilRig(TileIndex tile)
/* The oil rig station is not supposed to be shared with anything else */
assert(st->facilities == (FACIL_AIRPORT | FACIL_DOCK) && st->airport.type == AT_OILRIG);
if (st->industry != nullptr && st->industry->neutral_station == st) {
/* Don't leave dangling neutral station pointer */
st->industry->neutral_station = nullptr;
}
delete st;
}