diff options
| author | Campbell Barton <ideasman42@gmail.com> | 2015-06-15 13:56:44 +0300 |
|---|---|---|
| committer | Sergey Sharybin <sergey.vfx@gmail.com> | 2015-06-18 18:24:16 +0300 |
| commit | aa4ae796c8a7a19052614cf161e62fff49c856fe (patch) | |
| tree | a13a5a41d4371dde8dfcbe6b866e397bf7614b9d | |
| parent | f98ec7607f90b8aaa78ae2bedbf66fb691521a87 (diff) | |
BGE: fix use after free
| -rw-r--r-- | source/gameengine/Ketsji/KX_Scene.cpp | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/source/gameengine/Ketsji/KX_Scene.cpp b/source/gameengine/Ketsji/KX_Scene.cpp index 25755f7127b..49eda1d700a 100644 --- a/source/gameengine/Ketsji/KX_Scene.cpp +++ b/source/gameengine/Ketsji/KX_Scene.cpp @@ -1077,6 +1077,16 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj) group->RemoveInstanceObject(newobj); newobj->RemoveMeshes(); + + switch (newobj->GetGameObjectType()) { + case SCA_IObject::OBJ_CAMERA: + m_cameras.remove((KX_Camera *)newobj); + break; + case SCA_IObject::OBJ_TEXT: + m_fonts.remove((KX_FontObject *)newobj); + break; + } + ret = 1; if (newobj->GetGameObjectType()==SCA_IObject::OBJ_LIGHT && m_lightlist->RemoveValue(newobj)) ret = newobj->Release(); @@ -1092,7 +1102,10 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj) ret = newobj->Release(); if (m_animatedlist->RemoveValue(newobj)) ret = newobj->Release(); - + + /* Warning 'newobj' maye be freed now, only compare, don't access */ + + if (newobj == m_active_camera) { //no AddRef done on m_active_camera so no Release @@ -1100,12 +1113,6 @@ int KX_Scene::NewRemoveObject(class CValue* gameobj) m_active_camera = NULL; } - // in case this is a camera - m_cameras.remove((KX_Camera*)newobj); - - // in case this is a font - m_fonts.remove((KX_FontObject*)newobj); - /* currently does nothing, keep in case we need to Unregister something */ #if 0 if (m_sceneConverter) |