File tree Expand file tree Collapse file tree 1 file changed +7
-2
lines changed
Expand file tree Collapse file tree 1 file changed +7
-2
lines changed Original file line number Diff line number Diff line change @@ -60,8 +60,13 @@ bool CharacterBody3D::move_and_slide() {
6060
6161 // We need to check the platform_rid object still exists before accessing.
6262 // A valid RID is no guarantee that the object has not been deleted.
63- if (ObjectDB::get_instance (platform_object_id)) {
64- // this approach makes sure there is less delay between the actual body velocity and the one we saved
63+
64+ // We can only perform the ObjectDB lifetime check on Object derived objects.
65+ // Note that physics also creates RIDs for non-Object derived objects, these cannot
66+ // be lifetime checked through ObjectDB, and therefore there is a still a vulnerability
67+ // to dangling RIDs (access after free) in this scenario.
68+ if (platform_object_id.is_null () || ObjectDB::get_instance (platform_object_id)) {
69+ // This approach makes sure there is less delay between the actual body velocity and the one we saved.
6570 bs = PhysicsServer3D::get_singleton ()->body_get_direct_state (platform_rid);
6671 }
6772
You can’t perform that action at this time.
0 commit comments