From 38699891ed0cee43686a8c8f49b1ab78c5f6bf67 Mon Sep 17 00:00:00 2001
From: Myk Taylor
Date: Sat, 26 Apr 2025 12:21:28 -0700
Subject: [PATCH] change order of operations to avoid a use after free

---
 docs/changelog.txt        | 1 +
 library/modules/Items.cpp | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/changelog.txt b/docs/changelog.txt
index 187467ac26..e1ddf8d47c 100644
--- a/docs/changelog.txt
+++ b/docs/changelog.txt
@@ -57,6 +57,7 @@ Template for new versions:
 
 ## Fixes
 - `getplants`: will no longer crash when faced with plants with growths that do not drop seeds when processed
+- `gui/teleport`: adapt to new behavior in DF 51.11 to avoid a crash when teleporting items into mid-air
 
 ## Misc Improvements
 - All places where units are listed in DFHack tools now show the translated English name in addition to the native name. In particular, this makes units searchable by English name in `gui/sitemap`.
diff --git a/library/modules/Items.cpp b/library/modules/Items.cpp
index ff92b3cece..36d1748c5b 100644
--- a/library/modules/Items.cpp
+++ b/library/modules/Items.cpp
@@ -816,9 +816,12 @@ static bool detachItem(df::item *item)
         }
     }
 
-    if (auto ref = virtual_cast(Items::getGeneralRef(item, general_ref_type::PROJECTILE)))
-        return linked_list_remove(&world->projectiles.all, ref->projectile_id)
-            && removeRef(item->general_refs, general_ref_type::PROJECTILE, ref->getID());
+    if (auto ref = virtual_cast(Items::getGeneralRef(item, general_ref_type::PROJECTILE))) {
+        auto proj_id = ref->projectile_id;
+        bool isRefRemoved = removeRef(item->general_refs, general_ref_type::PROJECTILE, proj_id);
+        bool isLinkRemoved = linked_list_remove(&world->projectiles.all, proj_id);
+        return isRefRemoved && isLinkRemoved;
+    }
 
     if (item->flags.bits.on_ground) {
         if (!removeItemOnGround(item))
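Review bot: The lifetime constraint the commit relies on is not recorded in the code: `ref` is presumably freed or detached by `removeRef` on the second added line (that is why `proj_id` is copied out first), yet nothing stops a later edit from reading `ref` after that call or moving `linked_list_remove` back in front of it, reintroducing the use-after-free the title describes. I would add `// NOTE: ref may be freed by removeRef; only the cached proj_id is valid from here on` above the `removeRef` call. Two smaller points: the old `&&` short-circuited, so a failed list removal left the general ref in place, whereas the new code always attempts both removals and only combines the results — probably intended, but worth a one-line comment; and the key passed to `removeRef` changed from `ref->getID()` to `ref->projectile_id`, which is only equivalent if `getID()` returns `projectile_id` for projectile refs, so that should be confirmed. `detachItem` starts before the hunk and continues after it.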