From 8f0871606230fa2e6d65013a30ca0693ac7abe16 Mon Sep 17 00:00:00 2001
From: Lorenzo Buitizon
Date: Sat, 30 Aug 2025 17:10:30 +0800
Subject: [PATCH] Fixed issue where clear_exp_groups heap-use-after-free error.

---
 src/map/pc.c | 15 +++++++++++++++
 src/map/pc.h |  1 +
 2 files changed, 16 insertions(+)

diff --git a/src/map/pc.c b/src/map/pc.c
index 12d2444e713..090ae61f274 100644
--- a/src/map/pc.c
+++ b/src/map/pc.c
@@ -11806,9 +11806,13 @@ static int pc_readdb(void)
 	/**
 	 * Read and load into memory, the exp_group_db.conf file.
 	 */
+	pc->clear_class_exp_table();
 	pc->clear_exp_groups();
 	pc->read_exp_db();
+	// Repopulate class_exp_table after reloading exp groups
+	status->read_job_db();
+
 	// Reset and read skilltree
 	pc->clear_skill_tree();
 	pc->read_skill_tree();
@@ -12543,6 +12547,16 @@ static void pc_clear_exp_groups(void)
 	}
 }
+static void pc_clear_class_exp_table(void)
+{
+	int i, j;
+	for (i = 0; i < CLASS_COUNT; i++) {
+		for (j = 0; j < 2; j++) {
+			pc->dbs->class_exp_table[i][j] = NULL;
+		}
+	}
+}
+
 static void pc_init_exp_groups(void)
 {
 	int i;
@@ -13079,6 +13093,7 @@ void pc_defaults(void)
 	pc->removecombo = pc_removecombo;
 	pc->update_job_and_level = pc_update_job_and_level;
 	pc->clear_exp_groups = pc_clear_exp_groups;
+	pc->clear_class_exp_table = pc_clear_class_exp_table;
 	pc->init_exp_groups = pc_init_exp_groups;
 	pc->job_is_dummy = pc_job_is_dummy;
diff --git a/src/map/pc.h b/src/map/pc.h
index 657dbf47aa0..9040b38635c 100644
--- a/src/map/pc.h
+++ b/src/map/pc.h
@@ -1253,6 +1253,7 @@ END_ZEROED_BLOCK; /* End */
 	void (*validate_levels) (void);
 	void (*update_job_and_level) (struct map_session_data *sd);
 	void (*clear_exp_groups) (void);
+	void (*clear_class_exp_table) (void);
 	void (*init_exp_groups) (void);
 	bool (*job_is_dummy) (int job);
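Review bot: The ordering introduced in pc_readdb — nulling class_exp_table before clear_exp_groups() frees the groups, then re-running status->read_job_db() to re-link it — is what closes the use-after-free, but the added comment explains only the second half, so a later reordering of these calls would silently bring the dangling pointers back. Suggest replacing the comment before `status->read_job_db();` with `// class_exp_table holds non-owning pointers into the exp groups; it was nulled above before clear_exp_groups() freed them, and read_job_db() re-links it`. Between clear_class_exp_table() and read_job_db() every entry is NULL, so if this path can run while sessions are live (a runtime reload rather than startup) an exp lookup in that window would dereference NULL; whether that is reachable is not visible here. Re-reading the whole job db also re-parses everything else it covers, which is likely more work and more side effects than re-linking two pointers per class requires. pc_readdb begins and ends outside the hunk.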
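Review bot: pc_clear_class_exp_table hard-codes `2` as the inner bound while the outer loop uses CLASS_COUNT; if class_exp_table's second dimension is ever widened, the loop stops nulling part of the table and recreates exactly the stale-pointer condition this commit fixes. Prefer a named constant for the exp-type count or a sizeof-derived element count of `pc->dbs->class_exp_table[i]` so the bound follows the declaration (the element type is not visible in the hunk, so the sizeof form assumes a real array rather than a pointer). The function also needs a header comment stating its contract, since it frees nothing: `/** Null out the non-owning class_exp_table references so clear_exp_groups() can free the groups they point at; status->read_job_db() must re-link them afterwards. */`. The same registration appears in the pc_defaults and pc.h hunks, which need no change beyond this.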