From a696bd6a46428181d2c67eee6aff3f1490f33170 Mon Sep 17 00:00:00 2001
From: Erwin Coumans <erwin.coumans@gmail.com>
Date: Wed, 25 Jul 2018 19:59:29 +0200
Subject: [PATCH] fix memory leak reported in Issue #1800 avoid access to array
 elements outside of range

---
 examples/SharedMemory/PhysicsServerCommandProcessor.cpp  | 6 ++++--
 .../btCompoundCompoundCollisionAlgorithm.cpp             | 9 +++++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/examples/SharedMemory/PhysicsServerCommandProcessor.cpp b/examples/SharedMemory/PhysicsServerCommandProcessor.cpp
index ab0314a1a..41c4bf6f9 100644
--- a/examples/SharedMemory/PhysicsServerCommandProcessor.cpp
+++ b/examples/SharedMemory/PhysicsServerCommandProcessor.cpp
@@ -5022,8 +5022,10 @@ bool PhysicsServerCommandProcessor::processSyncUserDataCommand(const struct Shar
 
 	b3AlignedObjectArray<int> userDataHandles;
 	m_data->m_userDataHandles.getUsedHandles(userDataHandles);
-	memcpy(bufferServerToClient, &userDataHandles[0], sizeof(int) * userDataHandles.size());
-
+	if (userDataHandles.size())
+	{
+		memcpy(bufferServerToClient, &userDataHandles[0], sizeof(int) * userDataHandles.size());
+	}
 	serverStatusOut.m_syncUserDataArgs.m_numUserDataIdentifiers = userDataHandles.size();
 	serverStatusOut.m_type = CMD_SYNC_USER_DATA_COMPLETED;
 	return hasStatus;
diff --git a/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp b/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp
index 108942b88..20b542f67 100644
--- a/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp
+++ b/src/BulletCollision/CollisionDispatch/btCompoundCompoundCollisionAlgorithm.cpp
@@ -181,11 +181,12 @@ struct	btCompoundCompoundLeafCallback : btDbvt::ICollide
 			
 
 			btSimplePair* pair = m_childCollisionAlgorithmCache->findPair(childIndex0,childIndex1);
-
+			bool removePair = false;
 			btCollisionAlgorithm* colAlgo = 0;
 			if (m_resultOut->m_closestPointDistanceThreshold > 0)
 			{
 				colAlgo = m_dispatcher->findAlgorithm(&compoundWrap0, &compoundWrap1, 0, BT_CLOSEST_POINT_ALGORITHMS);
+				removePair = true;
 			}
 			else
 			{
@@ -223,7 +224,11 @@ struct	btCompoundCompoundLeafCallback : btDbvt::ICollide
 			m_resultOut->setBody0Wrap(tmpWrap0);
 			m_resultOut->setBody1Wrap(tmpWrap1);
 			
-
+			if (removePair)
+			{
+				colAlgo->~btCollisionAlgorithm();
+				m_dispatcher->freeCollisionAlgorithm(colAlgo);
+			}
 
 		}
 	}