From 9e0ba8a91f0b16d7bd92406c232028dc0f04fd58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20M=C3=BCller?=
Date: Sat, 7 Sep 2024 16:57:27 +0200
Subject: [PATCH] Fix heap-use-after-free in `CVideo::Stop`
The `delete ms_pCurrentVideo` deletes the current video instance (`this`) so the subsequent write to `m_Stopped` was invalid.
Closes #8899.
---
 src/engine/client/video.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/engine/client/video.cpp b/src/engine/client/video.cpp
index 85d7cc9ee..e4ac9cdfc 100644
--- a/src/engine/client/video.cpp
+++ b/src/engine/client/video.cpp
@@ -283,6 +283,7 @@ void CVideo::Pause(bool Pause)
 void CVideo::Stop()
 {
 	dbg_assert(!m_Stopped, "Already stopped");
+	m_Stopped = true;
 
 	m_pGraphics->WaitForIdle();
 
@@ -341,8 +342,6 @@ void CVideo::Stop()
 	pSound->PauseAudioDevice();
 	delete ms_pCurrentVideo;
 	pSound->UnpauseAudioDevice();
-
-	m_Stopped = true;
 }
 
 void CVideo::NextVideoFrameThread()
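Review bot: `ms_pCurrentVideo` is left dangling after `delete ms_pCurrentVideo;` in the second hunk — the static still points at freed memory, so any later reader of it (an accessor, or a second `Stop()` reaching the `dbg_assert`) would hit the same class of use-after-free this commit fixes, unless the destructor resets it, which is outside the hunk; `delete std::exchange(ms_pCurrentVideo, nullptr);` closes that gap in one line. `pSound->UnpauseAudioDevice();` executes after `this` has been freed, which is only safe because `pSound` appears to be a local rather than a member — that is worth stating on the delete line, e.g. `// deletes this; only locals may be touched below`. In the first hunk, moving `m_Stopped = true;` ahead of `m_pGraphics->WaitForIdle()` means other threads such as `NextVideoFrameThread` can observe the stop before the teardown that follows; if `m_Stopped` is a plain `bool` read off-thread, that read was already unsynchronised and this widens the window rather than creating it, so a comment on the moved line explaining why it must precede the delete would help the next reader. `Stop()` continues between the two hunks and its remaining body is not visible here.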