diff options
| author | Jonathan G Rennison <j.g.rennison@gmail.com> | 2019-11-02 21:11:46 +0000 |
|---|---|---|
| committer | Michael Lutz <michi@icosahedron.de> | 2019-11-03 00:39:38 +0100 |
| commit | 2be619ea88837c6293129841511816c105b507a3 (patch) | |
| tree | 114a52786d3e41c3c65e7659d4cbd9f302eda912 | |
| parent | 460f73cd2d615e39079950a92956e81cbd42baea (diff) | |
| download | openttd-2be619ea88837c6293129841511816c105b507a3.tar.xz | |
Fix #7820: Heap use after free when removing oil rig
| -rw-r--r-- | src/industry_cmd.cpp | 4 | ||||
| -rw-r--r-- | src/station_cmd.cpp | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/src/industry_cmd.cpp b/src/industry_cmd.cpp index 4f11d1deb..b8f0f700b 100644 --- a/src/industry_cmd.cpp +++ b/src/industry_cmd.cpp @@ -146,6 +146,8 @@ Industry::~Industry() * Also we must not decrement industry counts in that case. */ if (this->location.w == 0) return; + const bool has_neutral_station = this->neutral_station != nullptr; + TILE_AREA_LOOP(tile_cur, this->location) { if (IsTileType(tile_cur, MP_INDUSTRY)) { if (GetIndustryIndex(tile_cur) == this->index) { @@ -159,7 +161,7 @@ Industry::~Industry() } } - if (this->neutral_station != nullptr) { + if (has_neutral_station) { /* Remove possible docking tiles */ TILE_AREA_LOOP(tile_cur, this->location) { ClearDockingTilesCheckingNeighbours(tile_cur); diff --git a/src/station_cmd.cpp b/src/station_cmd.cpp index 636b1c476..3abeb8711 100644 --- a/src/station_cmd.cpp +++ b/src/station_cmd.cpp @@ -4172,6 +4172,10 @@ void DeleteOilRig(TileIndex tile) /* The oil rig station is not supposed to be shared with anything else */ assert(st->facilities == (FACIL_AIRPORT | FACIL_DOCK) && st->airport.type == AT_OILRIG); + if (st->industry != nullptr && st->industry->neutral_station == st) { + /* Don't leave dangling neutral station pointer */ + st->industry->neutral_station = nullptr; + } delete st; } |