Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
  • Sign in / Register
A
Armagetron Advanced
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 16
    • Issues 16
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1
    • Merge Requests 1
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • Armagetron Advanced
  • Armagetron Advanced
  • Issues
  • #34

Closed
Open
Opened Jul 21, 2020 by Manuel Moos@zmanuelOwner

Use after free in nNetObject::ClearKnows

nNetObject::TakeOwnership() does not properly what it claims, it forgets to set the owner.

Therefore, if the previously owning client quits while an object where TakeOwnership() has been called on and there is no other reference to that object, ClearKnows() executes an additional cleanup path (guarded by an owner check). In that path, a bounce smart pointer may destroy the object, but ClearKnows() still uses it afterwards.

Originally reported on Launchpad.

The 0.2.8.3 branch was affected still, the issue had been long fixed for 0.2.9.

Edited Jul 21, 2020 by Manuel Moos
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: armagetronad/armagetronad#34