[Scummvm-git-logs] scummvm master -> 68f42bcc4d57ed6bc793f5eb41ee3457c37fb681
bluegr
noreply at scummvm.org
Sat Feb 21 00:20:11 UTC 2026
This automated email contains information about 1 new commit which has been
pushed to the 'scummvm' repo located at https://api.github.com/repos/scummvm/scummvm .
Summary:
68f42bcc4d GRIM: Delete Set pool objects _after_ deleting Actor pool objects
Commit: 68f42bcc4d57ed6bc793f5eb41ee3457c37fb681
https://github.com/scummvm/scummvm/commit/68f42bcc4d57ed6bc793f5eb41ee3457c37fb681
Author: Donovan Watteau (contrib at dwatteau.fr)
Date: 2026-02-21T02:20:06+02:00
Commit Message:
GRIM: Delete Set pool objects _after_ deleting Actor pool objects
Fixes use-after-free in Grim::Set::findState() when quitting grim-demo-win
(e.g. in `st_pinata_crowd.bm` zone).
When deleting Set pool objects first, the following Actor pool object
deletion would call Grim::AnimComponent::reset() which ends up calling
Grim::Set::findState(). But at this point, Set pool objects have already
been deleted.
So, Set pool objects need to be deleted *after* Actor pool objects,
not *before*.
Changed paths:
engines/grim/grim.cpp
diff --git a/engines/grim/grim.cpp b/engines/grim/grim.cpp
index 76e7835a71c..8c4d9c8e749 100644
--- a/engines/grim/grim.cpp
+++ b/engines/grim/grim.cpp
@@ -237,8 +237,8 @@ GrimEngine::~GrimEngine() {
}
void GrimEngine::clearPools() {
- Set::getPool().deleteObjects();
Actor::getPool().deleteObjects();
+ Set::getPool().deleteObjects();
PrimitiveObject::getPool().deleteObjects();
TextObject::getPool().deleteObjects();
Bitmap::getPool().deleteObjects();
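Review bot: in clearPools(), the Actor-before-Set order is now a lifetime requirement, but nothing in the code records it. A short comment above `Actor::getPool().deleteObjects();` saying that Actor teardown reaches Grim::Set::findState() through Grim::AnimComponent::reset(), so Set objects must outlive Actor objects, would keep a later reorder from reintroducing the use-after-free. The hunk also does not show whether the pools deleted after Set (PrimitiveObject, TextObject, Bitmap) have destructors that look up Set or Actor objects; it is worth confirming that and, if their position matters too, stating it in the same comment.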