From cdcdf4564bebf7a2b1c390a137bb6622f23f01da Mon Sep 17 00:00:00 2001
From: Anton Popovichenko
Date: Fri, 14 Feb 2025 20:02:02 +0100
Subject: [PATCH] fix(Core/Pet): Fix possible heap-use-after-free of charmInfo when handling pet action. (#21439)
---
 src/server/game/Handlers/PetHandler.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/server/game/Handlers/PetHandler.cpp b/src/server/game/Handlers/PetHandler.cpp
index e7c42cb57..56702d125 100644
--- a/src/server/game/Handlers/PetHandler.cpp
+++ b/src/server/game/Handlers/PetHandler.cpp
@@ -432,8 +432,14 @@ void WorldSession::HandlePetActionHelper(Unit* pet, ObjectGuid guid1, uint32 spe
 spell->prepare(&(spell->m_targets));
- charmInfo->SetForcedSpell(0);
- charmInfo->SetForcedTargetGUID();
+ // spell->prepare() can delete charm info.
+ // Let's refresh the pointer.
+ charmInfo = pet->GetCharmInfo();
+ if (charmInfo)
+ {
+ charmInfo->SetForcedSpell(0);
+ charmInfo->SetForcedTargetGUID();
+ }
 }
 else if (pet->ToPet() && (result == SPELL_FAILED_LINE_OF_SIGHT || result == SPELL_FAILED_OUT_OF_RANGE))
 {
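Review bot: The re-fetch `charmInfo = pet->GetCharmInfo();` still dereferences `pet` after `spell->prepare()`, so the fix is complete only if the path that frees the charm info cannot also free the unit. The hunk does not show that guarantee, so the comment should state the lifetime assumption, e.g. `// prepare() can free CharmInfo (pet itself is expected to stay valid here); re-fetch before use.` The local `charmInfo` may also be null from this point on, so any later dereference in HandlePetActionHelper needs the same `if (charmInfo)` guard. The function body starts and ends outside the hunk, so I cannot confirm there is none. Re-running the original reproduction under AddressSanitizer would make a useful regression check.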