From dc7e309f48fbc99a099299f9ddf97614ac15df61 Mon Sep 17 00:00:00 2001
From: Haoyu Qiu <timothyqiu32@gmail.com>
Date: Sun, 22 Oct 2023 22:59:46 +0800
Subject: [PATCH] Fix heap-use-after-free when resource loaded with
 load_threaded_request is never fetched
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Pedro J. Estébanez <pedrojrulez@gmail.com>
---
 core/io/resource_loader.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/core/io/resource_loader.cpp b/core/io/resource_loader.cpp
index f7915261af1..6721ec09533 100644
--- a/core/io/resource_loader.cpp
+++ b/core/io/resource_loader.cpp
@@ -1053,8 +1053,9 @@ void ResourceLoader::clear_thread_load_tasks() {
 		thread_load_mutex.lock();
 	}
 
-	for (KeyValue<String, LoadToken *> &E : user_load_tokens) {
-		memdelete(E.value);
+	while (user_load_tokens.begin()) {
+		// User load tokens remove themselves from the map on destruction.
+		memdelete(user_load_tokens.begin()->value);
 	}
 	user_load_tokens.clear();