Fix depot memory leak (#4879)

nekiro · web-flow · commit 8d79ba472b29 · 2024-12-22T22:28:50.000+01:00
diff --git a/src/container.cpp b/src/container.cpp
@@ -692,6 +692,15 @@ void Container::postRemoveNotification(Thing* thing, const Cylinder* newParent,
 	}
 }
 
+void Container::internalRemoveThing(Thing* thing)
+{
+	auto cit = std::find(itemlist.begin(), itemlist.end(), thing);
+	if (cit == itemlist.end()) {
+		return;
+	}
+	itemlist.erase(cit);
+}
+
 void Container::internalAddThing(Thing* thing) { internalAddThing(0, thing); }
 
 void Container::internalAddThing(uint32_t, Thing* thing)
diff --git a/src/container.h b/src/container.h
@@ -111,6 +111,7 @@ class Container : public Item, public Cylinder
 	void postRemoveNotification(Thing* thing, const Cylinder* newParent, int32_t index,
 	                            cylinderlink_t link = LINK_OWNER) override;
 
+	void internalRemoveThing(Thing* thing) override final;
 	void internalAddThing(Thing* thing) override final;
 	void internalAddThing(uint32_t index, Thing* thing) override final;
 	void startDecaying() override final;
diff --git a/src/cylinder.cpp b/src/cylinder.cpp
@@ -22,6 +22,11 @@ std::map<uint32_t, uint32_t>& Cylinder::getAllItemTypeCount(std::map<uint32_t, u
 
 Thing* Cylinder::getThing(size_t) const { return nullptr; }
 
+void Cylinder::internalRemoveThing(Thing*)
+{
+	//
+}
+
 void Cylinder::internalAddThing(Thing*)
 {
 	//
diff --git a/src/cylinder.h b/src/cylinder.h
@@ -174,6 +174,12 @@ class Cylinder : virtual public Thing
 	 */
 	virtual std::map<uint32_t, uint32_t>& getAllItemTypeCount(std::map<uint32_t, uint32_t>& countMap) const;
 
+	/**
+	 * Removes an object from the cylinder without sending to the client(s)
+	 * \param thing is the object to add
+	 */
+	virtual void internalRemoveThing(Thing* thing);
+
 	/**
 	 * Adds an object to the cylinder without sending to the client(s)
 	 * \param thing is the object to add
diff --git a/src/depotchest.h b/src/depotchest.h
@@ -6,6 +6,9 @@
 
 #include "container.h"
 
+class DepotChest;
+using DepotChest_ptr = std::shared_ptr<DepotChest>;
+
 class DepotChest final : public Container
 {
 public:
diff --git a/src/game.cpp b/src/game.cpp
@@ -5565,7 +5565,7 @@ std::vector<Item*> Game::getMarketItemList(uint16_t wareId, uint16_t sufficientC
 
 	for (const auto& chest : player.depotChests) {
 		if (!chest.second->empty()) {
-			containers.push_front(chest.second);
+			containers.push_front(chest.second.get());
 		}
 	}
 
diff --git a/src/iologindata.cpp b/src/iologindata.cpp
@@ -410,8 +410,7 @@ bool IOLoginData::loadPlayer(Player* player, DBResult_ptr result)
 
 			int32_t pid = pair.second;
 			if (pid >= 0 && pid < 100) {
-				DepotChest* depotChest = player->getDepotChest(pid, true);
-				if (depotChest) {
+				if (const auto& depotChest = player->getDepotChest(pid, true)) {
 					depotChest->internalAddThing(item);
 				}
 			} else {
diff --git a/src/luascript.cpp b/src/luascript.cpp
@@ -9087,10 +9087,10 @@ int LuaScriptInterface::luaPlayerGetDepotChest(lua_State* L)
 
 	uint32_t depotId = tfs::lua::getNumber<uint32_t>(L, 2);
 	bool autoCreate = tfs::lua::getBoolean(L, 3, false);
-	DepotChest* depotChest = player->getDepotChest(depotId, autoCreate);
+	const auto& depotChest = player->getDepotChest(depotId, autoCreate);
 	if (depotChest) {
-		tfs::lua::pushUserdata<Item>(L, depotChest);
-		tfs::lua::setItemMetatable(L, -1, depotChest);
+		pushSharedPtr(L, depotChest);
+		tfs::lua::setItemMetatable(L, -1, depotChest.get());
 	} else {
 		tfs::lua::pushBoolean(L, false);
 	}
diff --git a/src/player.cpp b/src/player.cpp
@@ -57,6 +57,14 @@ Player::~Player()
 		}
 	}
 
+	for (const auto& [_, depot] : depotChests) {
+		if (Cylinder* parent = depot->getRealParent()) {
+			// remove chest from depot locker, because of possible double free when shared_ptr decides to free up the
+			// resource
+			parent->internalRemoveThing(depot.get());
+		}
+	}
+
 	if (depotLocker) {
 		depotLocker->removeInbox(inbox.get());
 	}
@@ -808,7 +816,7 @@ bool Player::isNearDepotBox() const
 	return false;
 }
 
-DepotChest* Player::getDepotChest(uint32_t depotId, bool autoCreate)
+DepotChest_ptr Player::getDepotChest(uint32_t depotId, bool autoCreate)
 {
 	auto it = depotChests.find(depotId);
 	if (it != depotChests.end()) {
@@ -824,9 +832,10 @@ DepotChest* Player::getDepotChest(uint32_t depotId, bool autoCreate)
 		return nullptr;
 	}
 
-	it = depotChests.emplace(depotId, new DepotChest(depotItemId)).first;
-	it->second->setMaxDepotItems(getMaxDepotItems());
-	return it->second;
+	const DepotChest_ptr& depotChest =
+	    depotChests.emplace(depotId, std::make_shared<DepotChest>(depotItemId)).first->second;
+	depotChest->setMaxDepotItems(getMaxDepotItems());
+	return depotChest;
 }
 
 DepotLocker& Player::getDepotLocker()
@@ -839,8 +848,8 @@ DepotLocker& Player::getDepotLocker()
 		DepotChest* depotChest = new DepotChest(ITEM_DEPOT, false);
 		// adding in reverse to align them from first to last
 		for (int16_t depotId = depotChest->capacity(); depotId >= 0; --depotId) {
-			if (DepotChest* box = getDepotChest(depotId, true)) {
-				depotChest->internalAddThing(box);
+			if (const auto& box = getDepotChest(depotId, true)) {
+				depotChest->internalAddThing(box.get());
 			}
 		}
 
@@ -3199,7 +3208,7 @@ void Player::postRemoveNotification(Thing* thing, const Cylinder* newParent, int
 					bool isOwner = false;
 
 					for (const auto& it : depotChests) {
-						if (it.second == depotChest) {
+						if (it.second.get() == depotChest) {
 							isOwner = true;
 							onSendContainer(container);
 						}
diff --git a/src/player.h b/src/player.h
@@ -6,6 +6,7 @@
 
 #include "creature.h"
 #include "cylinder.h"
+#include "depotchest.h"
 #include "depotlocker.h"
 #include "enums.h"
 #include "groups.h"
@@ -15,7 +16,6 @@
 #include "town.h"
 #include "vocation.h"
 
-class DepotChest;
 class House;
 struct Mount;
 class NetworkMessage;
@@ -363,7 +363,7 @@ class Player final : public Creature, public Cylinder
 	void addConditionSuppressions(uint32_t conditions);
 	void removeConditionSuppressions(uint32_t conditions);
 
-	DepotChest* getDepotChest(uint32_t depotId, bool autoCreate);
+	DepotChest_ptr getDepotChest(uint32_t depotId, bool autoCreate);
 	DepotLocker& getDepotLocker();
 	void onReceiveMail() const;
 	bool isNearDepotBox() const;
@@ -1174,7 +1174,7 @@ class Player final : public Creature, public Cylinder
 	std::unordered_set<uint32_t> VIPList;
 
 	std::map<uint8_t, OpenContainer> openContainers;
-	std::map<uint32_t, DepotChest*> depotChests;
+	std::map<uint32_t, DepotChest_ptr> depotChests;
 
 	std::map<uint16_t, uint8_t> outfits;
 	std::unordered_set<uint16_t> mounts;
diff --git a/src/protocolgame.cpp b/src/protocolgame.cpp
@@ -2104,7 +2104,7 @@ void ProtocolGame::sendMarketEnter()
 
 	for (const auto& chest : player->depotChests) {
 		if (!chest.second->empty()) {
-			containerList.push_front(chest.second);
+			containerList.push_front(chest.second.get());
 		}
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -692,6 +692,15 @@ void Container::postRemoveNotification(Thing* thing, const Cylinder* newParent,`
`692`	`692`	`}`
`693`	`693`	`}`
`694`	`694`
	`695`	`+void Container::internalRemoveThing(Thing* thing)`
	`696`	`+{`
	`697`	`+ auto cit = std::find(itemlist.begin(), itemlist.end(), thing);`
	`698`	`+ if (cit == itemlist.end()) {`
	`699`	`+ return;`
	`700`	`+ }`
	`701`	`+ itemlist.erase(cit);`
	`702`	`+}`
	`703`	`+`
`695`	`704`	`void Container::internalAddThing(Thing* thing) { internalAddThing(0, thing); }`
`696`	`705`
`697`	`706`	`void Container::internalAddThing(uint32_t, Thing* thing)`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,9 @@`
`6`	`6`
`7`	`7`	`#include "container.h"`
`8`	`8`
	`9`	`+class DepotChest;`
	`10`	`+using DepotChest_ptr = std::shared_ptr<DepotChest>;`
	`11`	`+`
`9`	`12`	`class DepotChest final : public Container`
`10`	`13`	`{`
`11`	`14`	`public:`
Original file line number	Diff line number	Diff line change
`@@ -5565,7 +5565,7 @@ std::vector<Item*> Game::getMarketItemList(uint16_t wareId, uint16_t sufficientC`
`5565`	`5565`
`5566`	`5566`	`for (const auto& chest : player.depotChests) {`
`5567`	`5567`	`if (!chest.second->empty()) {`
`5568`		`- containers.push_front(chest.second);`
	`5568`	`+ containers.push_front(chest.second.get());`
`5569`	`5569`	`}`
`5570`	`5570`	`}`
`5571`	`5571`
Original file line number	Diff line number	Diff line change
`@@ -410,8 +410,7 @@ bool IOLoginData::loadPlayer(Player* player, DBResult_ptr result)`
`410`	`410`
`411`	`411`	`int32_t pid = pair.second;`
`412`	`412`	`if (pid >= 0 && pid < 100) {`
`413`		`- DepotChest* depotChest = player->getDepotChest(pid, true);`
`414`		`- if (depotChest) {`
	`413`	`+ if (const auto& depotChest = player->getDepotChest(pid, true)) {`
`415`	`414`	`depotChest->internalAddThing(item);`
`416`	`415`	`}`
`417`	`416`	`} else {`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,14 @@ Player::~Player()`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`
	`60`	`+ for (const auto& [_, depot] : depotChests) {`
	`61`	`+ if (Cylinder* parent = depot->getRealParent()) {`
	`62`	`+ // remove chest from depot locker, because of possible double free when shared_ptr decides to free up the`
	`63`	`+ // resource`
	`64`	`+ parent->internalRemoveThing(depot.get());`
	`65`	`+ }`
	`66`	`+ }`
	`67`	`+`
`60`	`68`	`if (depotLocker) {`
`61`	`69`	`depotLocker->removeInbox(inbox.get());`
`62`	`70`	`}`
`@@ -808,7 +816,7 @@ bool Player::isNearDepotBox() const`
`808`	`816`	`return false;`
`809`	`817`	`}`
`810`	`818`
`811`		`-DepotChest* Player::getDepotChest(uint32_t depotId, bool autoCreate)`
	`819`	`+DepotChest_ptr Player::getDepotChest(uint32_t depotId, bool autoCreate)`
`812`	`820`	`{`
`813`	`821`	`auto it = depotChests.find(depotId);`
`814`	`822`	`if (it != depotChests.end()) {`
`@@ -824,9 +832,10 @@ DepotChest* Player::getDepotChest(uint32_t depotId, bool autoCreate)`
`824`	`832`	`return nullptr;`
`825`	`833`	`}`
`826`	`834`
`827`		`- it = depotChests.emplace(depotId, new DepotChest(depotItemId)).first;`
`828`		`- it->second->setMaxDepotItems(getMaxDepotItems());`
`829`		`- return it->second;`
	`835`	`+ const DepotChest_ptr& depotChest =`
	`836`	`+ depotChests.emplace(depotId, std::make_shared<DepotChest>(depotItemId)).first->second;`
	`837`	`+ depotChest->setMaxDepotItems(getMaxDepotItems());`
	`838`	`+ return depotChest;`
`830`	`839`	`}`
`831`	`840`
`832`	`841`	`DepotLocker& Player::getDepotLocker()`
`@@ -839,8 +848,8 @@ DepotLocker& Player::getDepotLocker()`
`839`	`848`	`DepotChest* depotChest = new DepotChest(ITEM_DEPOT, false);`
`840`	`849`	`// adding in reverse to align them from first to last`
`841`	`850`	`for (int16_t depotId = depotChest->capacity(); depotId >= 0; --depotId) {`
`842`		`- if (DepotChest* box = getDepotChest(depotId, true)) {`
`843`		`- depotChest->internalAddThing(box);`
	`851`	`+ if (const auto& box = getDepotChest(depotId, true)) {`
	`852`	`+ depotChest->internalAddThing(box.get());`
`844`	`853`	`}`
`845`	`854`	`}`
`846`	`855`
`@@ -3199,7 +3208,7 @@ void Player::postRemoveNotification(Thing* thing, const Cylinder* newParent, int`
`3199`	`3208`	`bool isOwner = false;`
`3200`	`3209`
`3201`	`3210`	`for (const auto& it : depotChests) {`
`3202`		`- if (it.second == depotChest) {`
	`3211`	`+ if (it.second.get() == depotChest) {`
`3203`	`3212`	`isOwner = true;`
`3204`	`3213`	`onSendContainer(container);`
`3205`	`3214`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2104,7 +2104,7 @@ void ProtocolGame::sendMarketEnter()`
`2104`	`2104`
`2105`	`2105`	`for (const auto& chest : player->depotChests) {`
`2106`	`2106`	`if (!chest.second->empty()) {`
`2107`		`- containerList.push_front(chest.second);`
	`2107`	`+ containerList.push_front(chest.second.get());`
`2108`	`2108`	`}`
`2109`	`2109`	`}`
`2110`	`2110`