Browse Source

SittingModifier potential null dereference

Observed when linking in on DS: if an avatar sits at a sitting mod, that
SO is not loaded yet. Boom!
Adam Johnson 10 years ago
parent
commit
aad64cc06f
  1. 54
      Sources/Plasma/PubUtilLib/plAvatar/plSittingModifier.cpp

54
Sources/Plasma/PubUtilLib/plAvatar/plSittingModifier.cpp

@ -156,30 +156,32 @@ bool plSittingModifier::MsgReceive(plMessage *msg)
// own notify messages -- // own notify messages --
plKey avatarKey = notifyMsg->GetAvatarKey(); plKey avatarKey = notifyMsg->GetAvatarKey();
plSceneObject * obj = plSceneObject::ConvertNoRef(avatarKey->ObjectIsLoaded()); plSceneObject * obj = plSceneObject::ConvertNoRef(avatarKey->ObjectIsLoaded());
const plArmatureMod * avMod = (plArmatureMod*)obj->GetModifierByType(plArmatureMod::Index()); if (obj) {
plAvBrainHuman *brain = (avMod ? plAvBrainHuman::ConvertNoRef(avMod->GetCurrentBrain()) : nil); const plArmatureMod * avMod = (plArmatureMod*)obj->GetModifierByType(plArmatureMod::Index());
if (brain && !brain->IsRunningTask()) plAvBrainHuman *brain = (avMod ? plAvBrainHuman::ConvertNoRef(avMod->GetCurrentBrain()) : nil);
{ if (brain && !brain->IsRunningTask())
plNotifyMsg *notifyEnter = new plNotifyMsg(); // a message to send back when the brain starts
notifyEnter->fState = 1.0f; // it's an "on" event
ISetupNotify(notifyEnter, notifyMsg); // copy events and address to sender
plNotifyMsg *notifyExit = nil;
if (avatarKey == plNetClientApp::GetInstance()->GetLocalPlayerKey())
{ {
notifyExit = new plNotifyMsg(); // a new message to send back when the brain's done plNotifyMsg *notifyEnter = new plNotifyMsg(); // a message to send back when the brain starts
notifyExit->fState = 0.0f; // it's an "off" event notifyEnter->fState = 1.0f; // it's an "on" event
ISetupNotify(notifyExit, notifyMsg); // copy events and address to sender ISetupNotify(notifyEnter, notifyMsg); // copy events and address to sender
notifyExit->AddReceiver(GetKey()); // have this message come back to us as well
plNotifyMsg *notifyExit = nil;
// A player may have joined while we're sitting. We can't update them with the exit notify at if (avatarKey == plNetClientApp::GetInstance()->GetLocalPlayerKey())
// that point (security hole), so instead the local avatar sends the message out to everybody {
// when done. notifyExit = new plNotifyMsg(); // a new message to send back when the brain's done
notifyExit->SetBCastFlag(plMessage::kNetStartCascade, false); notifyExit->fState = 0.0f; // it's an "off" event
notifyExit->SetBCastFlag(plMessage::kNetPropagate, true); ISetupNotify(notifyExit, notifyMsg); // copy events and address to sender
notifyExit->SetBCastFlag(plMessage::kNetForce, true); notifyExit->AddReceiver(GetKey()); // have this message come back to us as well
// A player may have joined while we're sitting. We can't update them with the exit notify at
// that point (security hole), so instead the local avatar sends the message out to everybody
// when done.
notifyExit->SetBCastFlag(plMessage::kNetStartCascade, false);
notifyExit->SetBCastFlag(plMessage::kNetPropagate, true);
notifyExit->SetBCastFlag(plMessage::kNetForce, true);
}
Trigger(avMod, notifyEnter, notifyExit);
} }
Trigger(avMod, notifyEnter, notifyExit);
} }
} }
// eat the message either way // eat the message either way
@ -196,10 +198,12 @@ bool plSittingModifier::MsgReceive(plMessage *msg)
{ {
plKey avatarKey = notifyMsg->GetAvatarKey(); plKey avatarKey = notifyMsg->GetAvatarKey();
plSceneObject * obj = plSceneObject::ConvertNoRef(avatarKey->ObjectIsLoaded()); plSceneObject * obj = plSceneObject::ConvertNoRef(avatarKey->ObjectIsLoaded());
plArmatureMod * avMod = (plArmatureMod*)obj->GetModifierByType(plArmatureMod::Index()); if (obj) {
plArmatureMod * avMod = (plArmatureMod*)obj->GetModifierByType(plArmatureMod::Index());
uint32_t flags = kBCastToClients | kUseRelevanceRegions | kForceFullSend; uint32_t flags = kBCastToClients | kUseRelevanceRegions | kForceFullSend;
avMod->DirtyPhysicalSynchState(flags); avMod->DirtyPhysicalSynchState(flags);
}
} }
} }
} }

Loading…
Cancel
Save