Soviet5lo / SlashTHEM

Super Lotsa Added Stuff Hack - The Heavily Extended Mod: A variant of Slash'EM that adds a bunch of content.

Killing a monster with bullets crashes the game #57

Closed gebulmer closed 2 years ago

gebulmer commented 2 years ago

If thitmon in src/dothrow.c:1259 returns truthy, the object may have already been freed.

The code then sets thrownobj to be null, but obj is still a pointer to the (now-freed) memory. Immediately it reads from obj (read-after-free) and, assuming the data still exists after being freed, then immediately tries to free it a second time, which on many platforms, including public servers, crashes the game (double-free).
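The aliasing pattern described in the comment above, as an added example that is not part of the issue thread, not SlashTHEM's code, and not the fix from the later commit. The slot pool, the counters and `hit_monster` (a stand-in for `thitmon`) are assumptions, constructed so the stale read and second free are counted instead of corrupting the heap.

```c
#include <stddef.h>

/* Constructed model: a tiny slot pool stands in for malloc/free so that
 * stale accesses can be counted safely. */
struct obj { int live; int quantity; };
static struct obj pool[4];
static int stale_reads, double_frees;

static struct obj *obj_alloc(int qty) {
    for (size_t i = 0; i < 4; i++)
        if (!pool[i].live) { pool[i].live = 1; pool[i].quantity = qty; return &pool[i]; }
    return NULL;
}
static void obj_free(struct obj *o) {
    if (!o->live) { double_frees++; return; }  /* second free of the same object */
    o->live = 0;
}
static int obj_qty(const struct obj *o) {
    if (!o->live) stale_reads++;               /* read through a dangling alias */
    return o->quantity;
}

/* Hypothetical stand-in for thitmon(): returns nonzero when the projectile
 * was used up, in which case the callee has already freed it. */
static int hit_monster(struct obj *o, int used_up) {
    if (used_up) { obj_free(o); return 1; }
    return 0;
}

static struct obj *thrownobj;                  /* global alias, as in the report */

/* Pattern from the report: only the global alias is cleared. */
void throw_buggy(struct obj *obj, int used_up) {
    thrownobj = obj;
    if (hit_monster(obj, used_up))
        thrownobj = NULL;                      /* local obj still dangles */
    if (obj_qty(obj) > 0)                      /* read-after-free */
        obj_free(obj);                         /* double-free */
}

/* Hardened: a truthy return means ownership moved to the callee, so the
 * caller clears its alias and returns without touching obj again. */
void throw_fixed(struct obj *obj, int used_up) {
    thrownobj = obj;
    if (hit_monster(obj, used_up)) { thrownobj = NULL; return; }
    thrownobj = NULL;
    obj_free(obj);                             /* still ours: freed exactly once */
}
```

With the real allocator the same two accesses are what AddressSanitizer reports as heap-use-after-free and attempting double-free.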

Soviet5lo commented 2 years ago

This was almost certainly introduced by this commit to fix a crash related to aklys throwing. This definitely needs to be fixed before June (assuming it takes part in Junethack this year). Not too much free time at the moment however due to projects at work, but I'll see if I can get something done.

transcendreamer commented 2 years ago

I confirm that firing with bullets crashes the game (but sometimes not).

Soviet5lo commented 2 years ago

This should be fixed in commit 688cbb09