mirror of https://github.com/axmolengine/axmol.git
fixed potential crash in CCScheduler::removeHashElement
If the scheduler is the last object to have retained the pElements target and the targets desctructor calls CCScheduler::unschedule() invalid memory is accessed as pElement->timers is already freed, but the pElement is not removed yet. Therefore the call to target->release() should be made after pElement has been removed from the hash table
This commit is contained in:
parent
dccaedd20d
commit
8ab1f3c6d2
|
@ -257,11 +257,18 @@ CCScheduler::~CCScheduler(void)
|
||||||
|
|
||||||
void CCScheduler::removeHashElement(_hashSelectorEntry *pElement)
|
void CCScheduler::removeHashElement(_hashSelectorEntry *pElement)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
cocos2d::CCObject *target = pElement->target;
|
||||||
|
|
||||||
ccArrayFree(pElement->timers);
|
ccArrayFree(pElement->timers);
|
||||||
pElement->target->release();
|
|
||||||
pElement->target = NULL;
|
|
||||||
HASH_DEL(m_pHashForTimers, pElement);
|
HASH_DEL(m_pHashForTimers, pElement);
|
||||||
free(pElement);
|
free(pElement);
|
||||||
|
|
||||||
|
// make sure the target is released after we have removed the hash element
|
||||||
|
// otherwise we access invalid memory when the release call deletes the target
|
||||||
|
// and the target calls removeAllSelectors() during its destructor
|
||||||
|
target->release();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void CCScheduler::scheduleSelector(SEL_SCHEDULE pfnSelector, CCObject *pTarget, float fInterval, bool bPaused)
|
void CCScheduler::scheduleSelector(SEL_SCHEDULE pfnSelector, CCObject *pTarget, float fInterval, bool bPaused)
|
||||||
|
|
Loading…
Reference in New Issue