Fix memory corruption when merging fineffs.

We could end up with a pointer to a deleted object in the final effects vector. Instead of replacing the old fineff with the new one, merge the new one into the old one then delete the new one. This means that fineff::schedule() may delete "this", so should only be called as (new blah_fineff())->schedule()
author: Neil Moore <neil@s-z.org> 2012-10-09 20:51:13 -0400
committer: Neil Moore <neil@s-z.org> 2012-10-09 20:51:13 -0400
commit: 0b80a8ecbde28820fb99febd1d76849e61d74887 (patch)
tree: 19350ee8266384efc3c9e20f4622fc7b51fbe60a /crawl-ref/source/fineff.cc
parent: 36f1f21f5e1f16c4489ae8ebe81fc218684d8479 (diff)
download: crawl-ref-0b80a8ecbde28820fb99febd1d76849e61d74887.tar.gz
crawl-ref-0b80a8ecbde28820fb99febd1d76849e61d74887.zip
1 files changed, 3 insertions, 5 deletions
diff --git a/crawl-ref/source/fineff.cc b/crawl-ref/source/fineff.cc
index 361da4526c..3692af70c4 100644
--- a/crawl-ref/source/fineff.cc
+++ b/crawl-ref/source/fineff.cc
@@ -22,12 +22,10 @@ void final_effect::schedule()
     for (vector<final_effect *>::iterator fi = env.final_effects.begin();
          fi != env.final_effects.end(); ++fi)
     {
-        if (mergeable(**fi))
+        if ((*fi)->mergeable(*this))
         {
-            final_effect *fe = *fi;
-            merge(*fe);
-            *fi = this;
-            delete fe;
+            (*fi)->merge(*this);
+            delete this;
             return;
         }
     }
author	Neil Moore <neil@s-z.org>	2012-10-09 20:51:13 -0400
committer	Neil Moore <neil@s-z.org>	2012-10-09 20:51:13 -0400
commit	0b80a8ecbde28820fb99febd1d76849e61d74887 (patch)
tree	19350ee8266384efc3c9e20f4622fc7b51fbe60a /crawl-ref/source/fineff.cc
parent	36f1f21f5e1f16c4489ae8ebe81fc218684d8479 (diff)
download	crawl-ref-0b80a8ecbde28820fb99febd1d76849e61d74887.tar.gz crawl-ref-0b80a8ecbde28820fb99febd1d76849e61d74887.zip