Files
@ r25944:76ed289c5cb6
Branch filter:
Location: cpp/openttd-patchpack/source/media/openttd.2048.png
r25944:76ed289c5cb6
147.9 KiB
image/png
Fix: use-after-free after ClientNetworkCoordinatorSocketHandler::CloseAllConnections() (#9534)
The function clears all stun-handlers. This causes all of those
objects to be destroyed.
A handler can have a pending connecter, which was only killed in
case CloseConnection() was called. This is never the case when
the object is destroyed. In result, the connecter could finish
and cause a use-after-free by calling into the (now deleted)
handler.
The function clears all stun-handlers. This causes all of those
objects to be destroyed.
A handler can have a pending connecter, which was only killed in
case CloseConnection() was called. This is never the case when
the object is destroyed. In result, the connecter could finish
and cause a use-after-free by calling into the (now deleted)
handler.
