From e0759aa61ffef98edba88a1ee1804a381e4b39ea Mon Sep 17 00:00:00 2001
From: GoesM <130988564+GoesM@users.noreply.github.com>
Date: Tue, 30 Jan 2024 00:23:15 +0800
Subject: [PATCH] free `map_sub_` before `map_free(map_)` to avoid UAF&&NullPtr
 bug mentioned in #4078 (#4079)

* free `map_sub_` before `map_free(map_)`

Signed-off-by: GoesM <GoesM@buaa.edu.cn>

* reformat

Signed-off-by: GoesM <GoesM@buaa.edu.cn>

---------

Signed-off-by: GoesM <GoesM@buaa.edu.cn>
Co-authored-by: GoesM <GoesM@buaa.edu.cn>
---
 nav2_amcl/src/amcl_node.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nav2_amcl/src/amcl_node.cpp b/nav2_amcl/src/amcl_node.cpp
index 226c01348d..87b9559223 100644
--- a/nav2_amcl/src/amcl_node.cpp
+++ b/nav2_amcl/src/amcl_node.cpp
@@ -335,6 +335,7 @@ AmclNode::on_cleanup(const rclcpp_lifecycle::State & /*state*/)
   laser_scan_sub_.reset();
 
   // Map
+  map_sub_.reset();  //  map_sub_ may access map_, so it should be reset earlier
   if (map_ != NULL) {
     map_free(map_);
     map_ = nullptr;