From 16c11dada02c3d893d3b57e99e8d69c69e9b7dc6 Mon Sep 17 00:00:00 2001
From: dongresource
Date: Wed, 26 Aug 2020 00:09:31 +0200
Subject: [PATCH] Fixed a use-after-free and a memory leak.
---
 src/CNProtocol.cpp | 2 +-
 src/CNProtocol.hpp | 2 +-
 src/PlayerManager.cpp | 8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/CNProtocol.cpp b/src/CNProtocol.cpp
index 3b1d5f8..b2c4acf 100644
--- a/src/CNProtocol.cpp
+++ b/src/CNProtocol.cpp
@@ -200,7 +200,7 @@ void CNSocket::step() {
 if (activelyReading && readBufferIndex - readSize <= 0) {
 // decrypt readBuffer and copy to CNPacketData
- CNSocketEncryption::decryptData(readBuffer, (uint8_t*)(&EKey), readSize);
+ CNSocketEncryption::decryptData((uint8_t*)&readBuffer, (uint8_t*)(&EKey), readSize);
 void* tmpBuf = xmalloc(readSize-sizeof(int32_t));
 memcpy(tmpBuf, readBuffer+sizeof(uint32_t), readSize-sizeof(int32_t));
diff --git a/src/CNProtocol.hpp b/src/CNProtocol.hpp
index 3cb7ef0..d2f9843 100644
--- a/src/CNProtocol.hpp
+++ b/src/CNProtocol.hpp
@@ -104,7 +104,7 @@ private:
 uint64_t EKey;
 uint64_t FEKey;
 int32_t readSize = 0;
- uint8_t* readBuffer = new uint8_t[MAX_PACKETSIZE];
+ uint8_t readBuffer[MAX_PACKETSIZE];
 int readBufferIndex = 0;
 bool activelyReading = false;
 bool alive = true;
diff --git a/src/PlayerManager.cpp b/src/PlayerManager.cpp
index f49d0d7..3085521 100644
--- a/src/PlayerManager.cpp
+++ b/src/PlayerManager.cpp
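Review bot: `(uint8_t*)&readBuffer` on the added line in CNSocket::step() is an unnecessary C-style cast now that readBuffer is a `uint8_t[MAX_PACKETSIZE]`: `&readBuffer` is a pointer-to-array, and the cast only hides that the array already decays to `uint8_t*` on its own, so the pre-change call `CNSocketEncryption::decryptData(readBuffer, (uint8_t*)(&EKey), readSize);` compiles unchanged against the new member. Separately, with the buffer now inline and fixed-size, decryptData and the memcpy two lines below depend on readSize having been bounded to at most MAX_PACKETSIZE and at least sizeof(int32_t) earlier in the read path (`readSize-sizeof(int32_t)` wraps to a huge size_t otherwise); that guard is not visible in this hunk or in the CNProtocol.hpp hunk, so please confirm it exists before the decrypt. step()'s body begins and ends outside the hunk.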
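Review bot: `uint8_t readBuffer[MAX_PACKETSIZE];` is the only member in this block without an in-class initializer; its siblings (`readSize = 0`, `readBufferIndex = 0`, `activelyReading = false`) are all initialized, so `uint8_t readBuffer[MAX_PACKETSIZE]{};` would keep the block consistent and ensure a partially filled buffer never carries stale bytes into decryptData or the packet copy. Replacing the never-freed `new[]` with an inline array does close the leak, but it also grows `sizeof(CNSocket)` by MAX_PACKETSIZE bytes; that is harmless if every CNSocket lives behind a pointer, as the `CNSocket*` keys in PlayerManager suggest, but the invariant deserves a one-line comment on the member such as `// inline so the socket owns its buffer; reads must stay within MAX_PACKETSIZE`.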
@@ -55,18 +55,18 @@ void PlayerManager::removePlayer(CNSocket* key) { for (CNSocket* otherSock : players[key].viewable) { players[otherSock].viewable.remove(key); // gone - // now sent PC_EXIT packet + // now send PC_EXIT packet sP_FE2CL_PC_EXIT exitPacket; exitPacket.iID = players[key].plr->iID; otherSock->sendPacket((void*)&exitPacket, P_FE2CL_PC_EXIT, sizeof(sP_FE2CL_PC_EXIT)); } - delete cachedView.plr; - players.erase(key); - std::cout << U16toU8(cachedView.plr->PCStyle.szFirstName) << U16toU8(cachedView.plr->PCStyle.szLastName) << " has left!" << std::endl; std::cout << players.size() << " players" << std::endl; + + delete cachedView.plr; + players.erase(key); } void PlayerManager::updatePlayerPosition(CNSocket* sock, int X, int Y, int Z) {
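Review bot: `sP_FE2CL_PC_EXIT exitPacket;` inside the loop is sent to every viewer with only `iID` assigned, so if the struct has any other field or padding, those bytes leave the process uninitialized; `sP_FE2CL_PC_EXIT exitPacket{};` before the assignment zeroes them at no cost. Moving `delete cachedView.plr;` and `players.erase(key);` after the two log lines does resolve the use-after-free; the loop could also read `cachedView.plr->iID` instead of re-looking-up `players[key].plr->iID` on each iteration, since the same object is already in hand. removePlayer's body begins outside the hunk, where cachedView is bound, so whether it is a copy or a reference into `players` cannot be checked here; either is fine with the new ordering because nothing reads it after the erase.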