LASTEXPRESS: fix race condition in sound code
SoundEntry::play() calls StreamedSound::setFilterId(). StreamedSound::setFilterId() requires the underlying reference to be alive. SoundQueue::handleTimer() checks that the stream is still alive by calling SoundEntry::isFinished(). However, if the stream is finalized just between calls to SoundEntry::isFinished() and SoundEntry::play(), the sound mixer frees the stream, leading to use-after-free in setFilterId(). Turn off the automatic disposing, delete the stream in SoundEntry::~SoundEntry().
Showing with 11 additions and 5 deletions.
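The ownership change described in the commit message, as an added example that is not code from this commit or from the project: a single-threaded replay of the interleaving in which the mixer finalizes the stream between the liveness check and the use. `Stream`, `Mixer`, `SoundEntry`, `finalizeStream()` and `streamAliveAtUse()` are hypothetical stand-ins, and the dangling pointer is never dereferenced in the mixer-disposes case.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the engine's stream, mixer and sound entry.
struct Stream {
    static int live;            // number of streams currently allocated
    bool finished = false;
    int filterId = 0;
    Stream() { ++live; }
    ~Stream() { --live; }
};
int Stream::live = 0;

struct Mixer {
    Stream *stream = nullptr;
    bool disposeAfterUse = false;
    void playStream(Stream *s, bool dispose) { stream = s; disposeAfterUse = dispose; }
    // Runs on the audio thread when the stream reaches its end.
    void finalizeStream() {
        if (!stream) return;
        stream->finished = true;
        if (disposeAfterUse) delete stream;   // mixer-owned: freed here
        stream = nullptr;
    }
};

struct SoundEntry {
    Stream *stream;
    bool ownsStream;
    SoundEntry(Mixer &m, bool mixerDisposes)
        : stream(new Stream), ownsStream(!mixerDisposes) {
        m.playStream(stream, mixerDisposes);
    }
    ~SoundEntry() { if (ownsStream) delete stream; }  // entry-owned: freed here
};

// Replays the interleaving: check passes, mixer finalizes, then the entry is used.
// Returns true if the stream is still allocated at the point of use.
bool streamAliveAtUse(bool mixerDisposes) {
    Mixer mixer;
    SoundEntry entry(mixer, mixerDisposes);
    if (entry.stream->finished) return false;  // the isFinished()-style check
    mixer.finalizeStream();                    // audio thread wins the race
    bool alive = Stream::live == 1;
    if (alive) entry.stream->filterId = 7;     // safe only while entry owns it
    return alive;
}

int main() {
    std::printf("mixer disposes: %d, entry owns: %d\n", streamAliveAtUse(true), streamAliveAtUse(false));
}
```

With mixer-side disposal the check passing says nothing about the stream's lifetime at the point of use; tying the free to the entry's destructor makes the pointer valid for as long as the entry exists.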