
Fixed a number of use-after-free bugs with FGPositioneds

These were due to converting FGPositionedRef to FGPositioned*
and then again packing the pointer into another ref-counted
FGPositionedRef.
Szymon Acedański 2017-02-25 14:48:54 +01:00
parent d401a50e0a
commit e1668a2919
3 changed files with 6 additions and 6 deletions


@ -1706,7 +1706,7 @@ FGPositionedRef NavDataCache::loadById(PositionedID rowid)
} }
sqlite3_int64 aptId; sqlite3_int64 aptId;
FGPositioned* pos = d->loadById(rowid, aptId); FGPositionedRef pos = d->loadById(rowid, aptId);
d->cache.insert(it, PositionedCache::value_type(rowid, pos)); d->cache.insert(it, PositionedCache::value_type(rowid, pos));
d->cacheMisses++; d->cacheMisses++;
@ -1933,7 +1933,7 @@ FGPositionedRef NavDataCache::findClosestWithIdent( const string& aIdent,
FGPositionedRef result; FGPositionedRef result;
while (d->stepSelect(d->findClosestWithIdent)) { while (d->stepSelect(d->findClosestWithIdent)) {
FGPositioned* pos = loadById(sqlite3_column_int64(d->findClosestWithIdent, 0)); FGPositionedRef pos = loadById(sqlite3_column_int64(d->findClosestWithIdent, 0));
if (aFilter && !aFilter->pass(pos)) { if (aFilter && !aFilter->pass(pos)) {
continue; continue;
} }
@ -2073,7 +2073,7 @@ NavDataCache::findCommByFreq(int freqKhz, const SGGeod& aPos, FGPositioned::Filt
FGPositionedRef result; FGPositionedRef result;
while (d->execSelect(d->findCommByFreq)) { while (d->execSelect(d->findCommByFreq)) {
FGPositioned* p = loadById(sqlite3_column_int64(d->findCommByFreq, 0)); FGPositionedRef p = loadById(sqlite3_column_int64(d->findCommByFreq, 0));
if (aFilter && !aFilter->pass(p)) { if (aFilter && !aFilter->pass(p)) {
continue; continue;
} }
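Review bot: The old declarations in findClosestWithIdent and findCommByFreq compiled only because the FGPositionedRef returned by loadById() converts silently to FGPositioned*, so any other caller that still writes `FGPositioned* x = loadById(...)` keeps the same lifetime hazard and the compiler will not flag it. Other call sites are not visible on this page, so a search for remaining raw-pointer uses of loadById() results is worth doing before closing the issue. A one-line comment at these sites would record the rule: `// keep loadById() results in an FGPositionedRef; a raw pointer does not hold a reference`. In the first hunk the return type of `d->loadById(rowid, aptId)` is not shown, and all three enclosing functions start and end outside their hunks.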


@ -85,7 +85,7 @@ FGPositioned::~FGPositioned()
{ {
} }
FGPositioned* FGPositionedRef
FGPositioned::createUserWaypoint(const std::string& aIdent, const SGGeod& aPos) FGPositioned::createUserWaypoint(const std::string& aIdent, const SGGeod& aPos)
{ {
NavDataCache* cache = NavDataCache::instance(); NavDataCache* cache = NavDataCache::instance();
@ -93,7 +93,7 @@ FGPositioned::createUserWaypoint(const std::string& aIdent, const SGGeod& aPos)
FGPositionedList existing = cache->findAllWithIdent(aIdent, &filter, true); FGPositionedList existing = cache->findAllWithIdent(aIdent, &filter, true);
if (!existing.empty()) { if (!existing.empty()) {
SG_LOG(SG_NAVAID, SG_WARN, "attempt to insert duplicate WAYPOINT:" << aIdent); SG_LOG(SG_NAVAID, SG_WARN, "attempt to insert duplicate WAYPOINT:" << aIdent);
return existing.front().ptr(); return existing.front();
} }
PositionedID id = cache->createPOI(WAYPOINT, aIdent, aPos); PositionedID id = cache->createPOI(WAYPOINT, aIdent, aPos);


@ -269,7 +269,7 @@ public:
*/ */
static const char* nameForType(Type aTy); static const char* nameForType(Type aTy);
static FGPositioned* createUserWaypoint(const std::string& aIdent, const SGGeod& aPos); static FGPositionedRef createUserWaypoint(const std::string& aIdent, const SGGeod& aPos);
static bool deleteUserWaypoint(const std::string& aIdent); static bool deleteUserWaypoint(const std::string& aIdent);
protected: protected:
friend class flightgear::NavDataCache; friend class flightgear::NavDataCache;
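Review bot: Changing the return type of createUserWaypoint does not force existing callers to change, because code that assigns the result to an `FGPositioned*` still compiles through the implicit conversion and the returned temporary then releases its reference at the end of that statement. Callers are not among the three files shown, so whether any still store a raw pointer cannot be told from here. The declaration carries no comment of its own in the visible lines; I would add `/// Returns a counted reference; hold it in an FGPositionedRef, a raw FGPositioned* does not keep the waypoint alive.` directly above it.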