fix: use-after-free in CStateMonsterAttackOnRun::update_aim_side (#1973)

AMS21 · web-flow · commit 185fec55d2bb · 2025-11-06T15:57:06.000+03:00
diff --git a/src/xrGame/ai/monsters/states/monster_state_attack_on_run.h b/src/xrGame/ai/monsters/states/monster_state_attack_on_run.h
@@ -17,7 +17,7 @@ class CStateMonsterAttackOnRun : public CState<_Object>
     virtual void execute();
     virtual void finalize();
     virtual void critical_finalize();
-    virtual void remove_links(IGameObject* object) { inherited::remove_links(object); }
+    virtual void remove_links(IGameObject* object);
     virtual bool check_completion();
     virtual bool check_start_conditions();
 
diff --git a/src/xrGame/ai/monsters/states/monster_state_attack_on_run_inline.h b/src/xrGame/ai/monsters/states/monster_state_attack_on_run_inline.h
@@ -54,6 +54,7 @@ void ATTACK_ON_RUN_STATE::initialize()
     m_is_jumping = this->object->is_jumping();
     m_reach_old_target = false;
     m_attack_side_chosen_time = 0;
+    m_enemy_to_attack = nullptr;
 
     choose_next_atack_animation();
 }
@@ -179,6 +180,9 @@ void ATTACK_ON_RUN_STATE::update_aim_side()
 {
     CEntityAlive const* const enemy = m_attacking ? m_enemy_to_attack : this->object->EnemyMan.get_enemy();
 
+    if (!enemy)
+        return;
+
     Fvector const self_dir = this->object->Direction();
     Fvector const self_to_enemy = enemy->Position() - this->object->Position();
 
@@ -621,6 +625,15 @@ bool ATTACK_ON_RUN_STATE::check_completion()
     return false;
 }
 
+TEMPLATE_SIGNATURE
+void ATTACK_ON_RUN_STATE::remove_links(IGameObject* object)
+{
+    inherited::remove_links(object);
+
+    if (m_enemy_to_attack == object)
+        m_enemy_to_attack = nullptr;
+}
+
 #undef DEBUG_STATE
 
 #undef TEMPLATE_SIGNATURE
