From 6e10e4636cad04469cd9c06e557a4a6bc0f14b33 Mon Sep 17 00:00:00 2001
From: cfillion
Date: Fri, 18 Oct 2024 05:19:37 -0400
Subject: [PATCH] fix a crash when saving screensets after more than one context shared an ID

1. a = CreateContext('Foo')
2. b = CreateContext('Foo')
3. delete a --> screenset handler of b is unregistered
4. Save screenset --> screenset handler of the now-freed a is called
5. Use-after-free!
---
 src/context.cpp | 2 +-
 src/main.cpp | 4 ++--
 src/window.cpp | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/context.cpp b/src/context.cpp
index 3c98f5fc..d56c06c7 100644
--- a/src/context.cpp
+++ b/src/context.cpp
@@ -160,7 +160,7 @@ Context::Context(const ImGuiID id, const char *label, const int userConfigFlags)
 Context::~Context()
 {
 setCurrent();
- screenset_unregister(m_screensetID.data());
+ screenset_unregisterByParam(this);
 if(m_imgui->WithinFrameScope) endFrame(false);
diff --git a/src/main.cpp b/src/main.cpp
index 34cff1bc..c4de3da7 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -73,12 +73,12 @@ static bool loadAPI(void *(*getFunc)(const char *))
 IMPORT(GetToggleCommandState),
 IMPORT(plugin_getapi),
 IMPORT(plugin_register),
- IMPORT(realloc_cmd_ptr), // v5.26
+ IMPORT(realloc_cmd_ptr), // v5.95
 IMPORT(ReaScriptError),
 IMPORT(RecursiveCreateDirectory),
 IMPORT(RefreshToolbar),
 IMPORT(screenset_registerNew), // v4
- IMPORT(screenset_unregister),
+ IMPORT(screenset_unregisterByParam),
 IMPORT(ViewPrefs),
 IMPORT(LICE_CreateBitmap),
diff --git a/src/window.cpp b/src/window.cpp
index bde6c581..425c3297 100644
--- a/src/window.cpp
+++ b/src/window.cpp
@@ -105,7 +105,7 @@ LRESULT CALLBACK Window::proc(HWND handle, const unsigned int msg,
 break;
 case WM_DESTROY:
 RemoveProp(handle, CLASS_NAME);
- screenset_unregister(self->m_screensetKey.data());
+ screenset_unregisterByParam(handle);
 // Disable message passing to the derived class (not available at this point)
 SetWindowLongPtr(handle, GWLP_USERDATA, 0);
 // Announce to REAPER the window is no longer going to be valid
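Review bot: `screenset_unregisterByParam(handle)` in the `WM_DESTROY` case removes the handler only if the matching `screenset_registerNew` call passed this same `HWND` as its param, and that registration is not visible in this hunk. If the window was registered with a different pointer (for example `self`), the call would presumably match nothing and leave behind the stale handler this commit is meant to eliminate. The `this` argument in `Context::~Context()` in src/context.cpp depends on the same pairing. A short comment at both call sites would keep the pairing from drifting, e.g. `// must be the same param that was passed to screenset_registerNew; IDs may be shared between instances`. `Window::proc` begins before and continues after the hunk.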