Core/Spells: Fixed possible use after free with deleted focusObject (…

…#30062) * Core/Spells: Fixed possible use after free with deleted focusObject
TrinityCore · Jul 4, 2024 · 93ab97a · 93ab97a
1 parent 8130024
commit 93ab97a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/src/server/game/Spells/Spell.cpp b/src/server/game/Spells/Spell.cpp
@@ -5426,7 +5426,9 @@ SpellCastResult Spell::CheckCast(bool strict, uint32* param1 /*= nullptr*/, uint
     if (m_spellInfo->RequiresSpellFocus)
     {
         focusObject = SearchSpellFocus();
-        if (!focusObject)
+        if (focusObject)
+            m_focusObjectGUID = focusObject->GetGUID();
+        else
             return SPELL_FAILED_REQUIRES_SPELL_FOCUS;
     }
 
@@ -7284,6 +7286,9 @@ bool Spell::UpdatePointers()
             m_originalCaster = nullptr;
     }
 
+    if (m_focusObjectGUID)
+        focusObject = ObjectAccessor::GetGameObject(*m_caster, m_focusObjectGUID);
+
     if (m_castItemGUID && m_caster->GetTypeId() == TYPEID_PLAYER)
     {
         m_CastItem = m_caster->ToPlayer()->GetItemByGuid(m_castItemGUID);

diff --git a/src/server/game/Spells/Spell.h b/src/server/game/Spells/Spell.h
@@ -530,6 +530,7 @@ class TC_GAME_API Spell
         DynObjAura* _dynObjAura;
 
         // -------------------------------------------
+        ObjectGuid m_focusObjectGUID;
         GameObject* focusObject;
 
         // Damage and healing in effects need just calculate