[Scummvm-git-logs] scummvm master -> b618399ee21787d8da0817ea88cf3bbaf6a008df
sev-
noreply at scummvm.org
Sat Nov 29 09:04:18 UTC 2025
This automated email contains information about 1 new commit which have been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .
Summary:
b618399ee2 NGI: Fix use-after-free (Trac#16268)
Commit: b618399ee21787d8da0817ea88cf3bbaf6a008df
https://github.com/scummvm/scummvm/commit/b618399ee21787d8da0817ea88cf3bbaf6a008df
Author: Le Philousophe (lephilousophe at users.noreply.github.com)
Date: 2025-11-29T10:04:13+01:00
Commit Message:
NGI: Fix use-after-free (Trac#16268)
This bug happens when several kPauseAction messages are pushed in the
message queue because the first one has not been handled yet.
Changed paths:
engines/ngi/modal.cpp
diff --git a/engines/ngi/modal.cpp b/engines/ngi/modal.cpp
index f6b32a6896a..594c10ea736 100644
--- a/engines/ngi/modal.cpp
+++ b/engines/ngi/modal.cpp
@@ -2542,6 +2542,18 @@ void NGIEngine::openHelp() {
}
void NGIEngine::openMainMenu() {
+ /**
+ * This function is only called in global_messageHandler1 to open the main menu.
+ * To reach it, g_nmi->_modalObject is supposed to be null because, else, this object
+ * would catch the message (see ExCommand::handle).
+ * If we hammer kPauseAction, we get several messages in the queue which lead to this method
+ * executed several times leading to use-after-frees when the last main menu is closed.
+ * Instead, ignore messages which come in a row and only handle the first one.
+ */
+ if (g_nmi->_modalObject) {
+ return;
+ }
+
if (isDemo() && getLanguage() == Common::RU_RUS) {
ModalQuery *q = new ModalQuery;
More information about the Scummvm-git-logs
mailing list