Skip to content

Commit

Permalink
Fix use after free with gm commands.
Browse files Browse the repository at this point in the history
The amazing thing is it wasn't crashing on windows, even though 'text' was a pointer inside the packet buffer.
  • Loading branch information
ratkosrb committed Oct 17, 2023
1 parent 380a8b8 commit 6187d45
Showing 1 changed file with 2 additions and 4 deletions.
6 changes: 2 additions & 4 deletions src/game/Chat/Chat.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -1711,8 +1711,6 @@ ChatCommandSearchResult ChatHandler::FindCommand(ChatCommand* table, char const*
*/
void ChatHandler::ExecuteCommand(char const* text)
{
std::string fullcmd = text; // original `text` can't be used. It content destroyed in command code processing.

ChatCommand* command = nullptr;
ChatCommand* parentCommand = nullptr;

Expand Down Expand Up @@ -1888,14 +1886,14 @@ bool ChatHandler::ParseCommands(char const* text)
// because the chat packet handler can run asynchronously
if (m_session)
{
sWorld.GetMessager().AddMessage([text, accountId = m_session->GetAccountId(), sessionGuid = m_session->GetGUID()](World* world)
sWorld.GetMessager().AddMessage([txt = std::string(text), accountId = m_session->GetAccountId(), sessionGuid = m_session->GetGUID()](World* world)
{
if (WorldSession* session = world->FindSession(accountId))
{
if (session->GetGUID() == sessionGuid)
{
ChatHandler handler(session);
handler.ExecuteCommand(text);
handler.ExecuteCommand(txt.c_str());
}
}
});
Expand Down

0 comments on commit 6187d45

Please sign in to comment.