From 392f25dcd1b4f317944dc6e19f1e1d73d2b14708 Mon Sep 17 00:00:00 2001
From: Architector #4 <23612841+Architector4@users.noreply.github.com>
Date: Wed, 1 Oct 2025 21:34:20 +0300
Subject: [PATCH 1/2] LuaMan.cpp - fix use after free with script timing
---
 Source/Managers/LuaMan.cpp | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/Source/Managers/LuaMan.cpp b/Source/Managers/LuaMan.cpp
index 0d74db4178..886ad5bc21 100644
--- a/Source/Managers/LuaMan.cpp
+++ b/Source/Managers/LuaMan.cpp
@@ -614,8 +614,17 @@ int LuaStateWrapper::RunScriptFunctionObject(const LuabindObjectWrapper* functio
 functionObjectArgument->GetLuabindObject()->push(m_State);
 }
 }
-
 const std::string& path = functionObject->GetFilePath();
+
+ // Function object may be deleted during the Lua call, making `path` above invalid.
+ // Find and store the script timings entry now and write to it afterward.
+ PerformanceMan::ScriptTiming* timing = NULL;
+
+ // only track time in non-MT scripts, for now
+ if (&g_LuaMan.GetMasterScriptState() == this) {
+ timing = &m_ScriptTimings[path];
+ }
+
 std::chrono::steady_clock::time_point begin = std::chrono::steady_clock::now();
 {
 ZoneScoped;
@@ -631,10 +640,9 @@ int LuaStateWrapper::RunScriptFunctionObject(const LuabindObjectWrapper* functio
 }
 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
- // only track time in non-MT scripts, for now
- if (&g_LuaMan.GetMasterScriptState() == this) {
- m_ScriptTimings[path].m_Time += std::chrono::duration_cast(end - begin).count();
- m_ScriptTimings[path].m_CallCount++;
+ if (timing != NULL) {
+ timing->m_Time += std::chrono::duration_cast(end - begin).count();
+ timing->m_CallCount++;
 }
 lua_pop(m_State, 1);
From d69a26de9f1f7063931a7a371b46b28430220594 Mon Sep 17 00:00:00 2001
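Review bot: The `timing` pointer taken before the Lua call in the first hunk, and written through in the second, is only safe if `m_ScriptTimings` keeps element addresses stable and nothing clears or erases its entries while the call runs; the container's type is not visible here, so that should be confirmed. A re-entrant `RunScriptFunctionObject` for a not-yet-seen path inserts into the same map, which is harmless for `std::map` or `std::unordered_map` but would invalidate `timing` in a flat or vector-backed map, making the write after the call another use after free. I would state the invariant next to the declaration, e.g. `// m_ScriptTimings must keep element addresses stable and must not be cleared while a script call is in flight`, or take `const std::string path = functionObject->GetFilePath();` by value and look the entry up after the call. The function body starts and ends outside both hunks, so any other use of `functionObject` after the Lua call is not visible here and deserves the same check.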
From: =?UTF-8?q?Leo=20G=C3=B6ttlicher?= <8429918+HeliumAnt@users.noreply.github.com>
Date: Fri, 3 Oct 2025 01:42:07 +0200
Subject: [PATCH 2/2] NULL->nullptr
---
 Source/Managers/LuaMan.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Source/Managers/LuaMan.cpp b/Source/Managers/LuaMan.cpp
index 886ad5bc21..194bfac083 100644
--- a/Source/Managers/LuaMan.cpp
+++ b/Source/Managers/LuaMan.cpp
@@ -618,7 +618,7 @@ int LuaStateWrapper::RunScriptFunctionObject(const LuabindObjectWrapper* functio
 // Function object may be deleted during the Lua call, making `path` above invalid.
 // Find and store the script timings entry now and write to it afterward.
- PerformanceMan::ScriptTiming* timing = NULL;
+ PerformanceMan::ScriptTiming* timing = nullptr;
 // only track time in non-MT scripts, for now
 if (&g_LuaMan.GetMasterScriptState() == this) {
@@ -640,7 +640,7 @@ int LuaStateWrapper::RunScriptFunctionObject(const LuabindObjectWrapper* functio
 }
 std::chrono::steady_clock::time_point end = std::chrono::steady_clock::now();
- if (timing != NULL) {
+ if (timing) {
 timing->m_Time += std::chrono::duration_cast(end - begin).count();
 timing->m_CallCount++;
 }