Fix physics platform behaviour regression

Lifetime checks for stored `RIDs` for collision objects assumed they had valid `object_ids`.
It turns out that some are not derived from `Object` and thus checking `ObjectDB` returns false for some valid `RIDs`.
To account for this we only perform lifetime checks on valid `object_ids`.
lawnjelly 2024-09-22 08:29:30 +01:00
parent 621cadcf65
commit 6764338e09

@ -60,8 +60,13 @@ bool CharacterBody3D::move_and_slide() {
// We need to check the platform_rid object still exists before accessing. // We need to check the platform_rid object still exists before accessing.
// A valid RID is no guarantee that the object has not been deleted. // A valid RID is no guarantee that the object has not been deleted.
if (ObjectDB::get_instance(platform_object_id)) {
//this approach makes sure there is less delay between the actual body velocity and the one we saved // We can only perform the ObjectDB lifetime check on Object derived objects.
// Note that physics also creates RIDs for non-Object derived objects, these cannot
// be lifetime checked through ObjectDB, and therefore there is a still a vulnerability
// to dangling RIDs (access after free) in this scenario.
if (platform_object_id.is_null() || ObjectDB::get_instance(platform_object_id)) {
// This approach makes sure there is less delay between the actual body velocity and the one we saved.
bs = PhysicsServer3D::get_singleton()->body_get_direct_state(platform_rid); bs = PhysicsServer3D::get_singleton()->body_get_direct_state(platform_rid);
} }
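Review bot: In the new condition `platform_object_id.is_null() || ObjectDB::get_instance(platform_object_id)`, the null-id branch goes straight to `body_get_direct_state(platform_rid)` with no lifetime check at all, so a stale `platform_rid` for a non-Object body is still passed to the physics server, as the added comment itself admits. Since this restores behaviour at the cost of reopening the access-after-free window for that case, consider tracking the remaining work in a follow-up: either have the physics server reject RIDs it no longer owns before returning a direct state, or clear the stored `platform_rid` when the body is freed. It is also worth confirming that `bs` is null-checked before it is used after this block. Minor: the comment reads "there is a still a vulnerability"; it should be "there is still a vulnerability".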