From e65a22ae9d15264453ea75db5d8246569b0d79d3 Mon Sep 17 00:00:00 2001
From: Adam
Date: Fri, 31 Jul 2015 17:07:30 -0400
Subject: [PATCH] Fix use after free from unloading modules which are the last one holding onto an IdentifyRequest
---
 src/account.cpp | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/account.cpp b/src/account.cpp
index e58ee1646..89c9c7909 100644
--- a/src/account.cpp
+++ b/src/account.cpp
@@ -73,8 +73,20 @@ void IdentifyRequest::ModuleUnload(Module *m)
 IdentifyRequest *ir = *it;
 ++it;
- ir->Release(m);
- if (ir->owner == m)
+ ir->holds.erase(m);
+ if (ir->holds.empty() && ir->dispatched)
+ {
+ if (!ir->success)
+ ir->OnFail();
 delete ir;
+ continue;
+ }
+
+ if (ir->owner == m)
+ {
+ if (!ir->success)
+ ir->OnFail();
+ delete ir;
+ }
 }
 }
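Review bot: The `if (ir->owner == m)` branch still deletes `ir` without looking at `ir->holds`, so a request whose owner is unloaded while other modules hold it is freed underneath them. If a holder keeps a raw pointer and later calls `Release()` on it, that would be the same use-after-free class this commit fixes for the last-holder case. Whether holders can outlive the owner is not visible in this hunk, so the branch should at least state the assumption, e.g. `// owner unload destroys the request even if holds is non-empty; holders must not touch ir afterwards`. The two branches also have identical bodies and could be a single test, `if (ir->owner == m || (ir->holds.empty() && ir->dispatched))`, which keeps the OnFail/delete sequence in one place. The loop header of ModuleUnload lies outside the hunk.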