Skip to content
GitLab
    • GitLab: the DevOps platform
    • Explore GitLab
    • Install GitLab
    • How GitLab compares
    • Get started
    • GitLab docs
    • GitLab Learn
  • Pricing
  • Talk to an expert
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
    • Switch to GitLab Next
    Projects Groups Snippets
  • Sign up now
  • Login
  • Sign in / Register
  • A Armagetron Advanced
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 29
    • Issues 29
    • List
    • Boards
    • Service Desk
    • Milestones
    • Requirements
  • Merge requests 2
    • Merge requests 2
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages and registries
    • Packages and registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Armagetron Advanced
  • Armagetron Advanced
  • Issues
  • #34
Closed
Open
Issue created Jul 21, 2020 by Manuel Moos@zmanuelOwner

Use after free in nNetObject::ClearKnows

nNetObject::TakeOwnership() does not properly what it claims, it forgets to set the owner.

Therefore, if the previously owning client quits while an object where TakeOwnership() has been called on and there is no other reference to that object, ClearKnows() executes an additional cleanup path (guarded by an owner check). In that path, a bounce smart pointer may destroy the object, but ClearKnows() still uses it afterwards.

Originally reported on Launchpad.

The 0.2.8.3 branch was affected still, the issue had been long fixed for 0.2.9.

Edited Jul 21, 2020 by Manuel Moos
Assignee
Assign to
Time tracking