From f8bb0cd3d1da9d2d9d8dffe78cd0fb651e16a8af Mon Sep 17 00:00:00 2001
From: Jude Melton-Houghton <jwmhjwmh@gmail.com>
Date: Sun, 11 Sep 2022 13:28:37 -0400
Subject: Fix potential use-after-free with item metadata (#12729)

This fixes a use-after-free bug in the case where itemstack metadata is accessed after the itemstack has been garbage-collected.
---
 src/util/pointer.h | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/util')

diff --git a/src/util/pointer.h b/src/util/pointer.h
index b659cea0e..f4b70f822 100644
--- a/src/util/pointer.h
+++ b/src/util/pointer.h
@@ -257,3 +257,17 @@ private:
 	unsigned int *refcount;
 };
 
+// This class is not thread-safe!
+class IntrusiveReferenceCounted {
+public:
+	IntrusiveReferenceCounted() = default;
+	virtual ~IntrusiveReferenceCounted() = default;
+	void grab() noexcept { ++m_refcount; }
+	void drop() noexcept { if (--m_refcount == 0) delete this; }
+
+	// Preserve own reference count.
+	IntrusiveReferenceCounted(const IntrusiveReferenceCounted &) {}
+	IntrusiveReferenceCounted &operator=(const IntrusiveReferenceCounted &) { return *this; }
+private:
+	u32 m_refcount = 1;
+};
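Review bot: `drop()` ends in `delete this`, but the class does nothing to tie an instance's lifetime to its count: the destructor is public, so a holder can still `delete` the object directly (or create one with automatic storage) while other references are outstanding, which leads back to the kind of dangling access this commit is meant to close. Declaring the destructor under `protected:` (`virtual ~IntrusiveReferenceCounted() = default;`) would block deletion through a base pointer, although a derived class with a public destructor would still need the same care. Pairing of `grab()` and `drop()` is manual, and one extra `drop()` is a call on already-freed memory that the class cannot detect itself; the callers are outside this path-limited view, so it is worth confirming they hold the object through a scoped owner rather than raw calls. The class comment should also state the contract, for example `// Must be allocated with new; starts with one reference owned by the creator; do not touch the object after the final drop().`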
-- 
cgit v1.2.3