From fe13f9dfd12c0a7f08355b83e34e7dec1bfdd86d Mon Sep 17 00:00:00 2001
From: Jude Melton-Houghton <jwmhjwmh@gmail.com>
Date: Sun, 11 Sep 2022 13:28:37 -0400
Subject: Fix potential use-after-free with item metadata (#12729)

This fixes a use-after-free bug in the case where itemstack metadata is accessed after the itemstack has been garbage-collected.
---
 src/script/lua_api/l_item.h | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'src/script/lua_api/l_item.h')

diff --git a/src/script/lua_api/l_item.h b/src/script/lua_api/l_item.h
index a392555d2..72b1922dd 100644
--- a/src/script/lua_api/l_item.h
+++ b/src/script/lua_api/l_item.h
@@ -21,11 +21,15 @@ with this program; if not, write to the Free Software Foundation, Inc.,
 
 #include "lua_api/l_base.h"
 #include "inventory.h"  // ItemStack
+#include "util/pointer.h"
 
-class LuaItemStack : public ModApiBase {
+class LuaItemStack : public ModApiBase, public IntrusiveReferenceCounted {
 private:
 	ItemStack m_stack;
 
+	LuaItemStack(const ItemStack &item);
+	~LuaItemStack() = default;
+
 	static const char className[];
 	static const luaL_Reg methods[];
 
@@ -138,11 +142,10 @@ private:
 	static int l_peek_item(lua_State *L);
 
 public:
-	LuaItemStack(const ItemStack &item);
-	~LuaItemStack() = default;
+	DISABLE_CLASS_COPY(LuaItemStack)
 
-	const ItemStack& getItem() const;
-	ItemStack& getItem();
+	inline const ItemStack& getItem() const { return m_stack; }
+	inline ItemStack& getItem() { return m_stack; }
 
 	// LuaItemStack(itemstack or itemstring or table or nil)
 	// Creates an LuaItemStack and leaves it on top of stack
-- 
cgit v1.2.3