From 49abbe57778b9ad301410eae064f054a00c0dd9d Mon Sep 17 00:00:00 2001
From: Robin Gareus
Date: Tue, 31 Oct 2023 04:31:08 +0100
Subject: [PATCH] RhythmFerret: fix heap-use-after-free
After splitting regions, the AudioRegionView of the original Region no longer exists when the RhythmFerret calls `clear_transients()` at the end.
---
 gtk2_ardour/rhythm_ferret.cc | 18 ++++++++++--------
 gtk2_ardour/rhythm_ferret.h | 2 +-
 2 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/gtk2_ardour/rhythm_ferret.cc b/gtk2_ardour/rhythm_ferret.cc
index c65126b1ef..d8ec25e166 100644
--- a/gtk2_ardour/rhythm_ferret.cc
+++ b/gtk2_ardour/rhythm_ferret.cc
@@ -231,7 +231,9 @@ RhythmFerret::run_analysis ()
 clear_transients ();
- regions_with_transients = editor.get_selection().regions;
+ for (auto const& rv : editor.get_selection().regions) {
+ regions_with_transients.push_back (rv->region ());
+ }
 current_results.clear ();
@@ -239,22 +241,22 @@ RhythmFerret::run_analysis ()
 return;
 }
- for (RegionSelection::iterator i = regions_with_transients.begin(); i != regions_with_transients.end(); ++i) {
+ for (auto const& r : regions_with_transients) {
- std::shared_ptr rd = std::static_pointer_cast ((*i)->region());
+ std::shared_ptr rd = std::static_pointer_cast (r);
 switch (get_analysis_mode()) {
 case PercussionOnset:
- run_percussion_onset_analysis (rd, (*i)->region()->position_sample(), current_results);
+ run_percussion_onset_analysis (rd, r->position_sample(), current_results);
 break;
 case NoteOnset:
- run_note_onset_analysis (rd, (*i)->region()->position_sample(), current_results);
+ run_note_onset_analysis (rd, r->position_sample(), current_results);
 break;
 default:
 break;
 }
- (*i)->region()->set_onsets (current_results);
+ r->set_onsets (current_results);
 current_results.clear();
 }
 }
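Review bot: The rewritten `std::static_pointer_cast (r)` in the second run_analysis hunk is still an unchecked downcast, and the list it iterates is filled from every entry of `editor.get_selection().regions` with no type filter visible in these hunks. The template arguments are missing from this page, so the target type is inferred. If a region of another type can be selected when the analysis runs, the cast produces a pointer of the wrong dynamic type and the onset analysis reads through it. Since the line is being touched anyway, consider `std::dynamic_pointer_cast` followed by `if (!rd) { continue; }`, or filter in the `push_back` loop so only matching regions are stored. run_analysis begins and ends outside these hunks, so a selection check elsewhere in the function may already cover this.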
@@ -448,8 +450,8 @@ RhythmFerret::clear_transients ()
 {
 current_results.clear ();
- for (RegionSelection::iterator i = regions_with_transients.begin(); i != regions_with_transients.end(); ++i) {
- (*i)->region()->set_onsets (current_results);
+ for (auto const& r : regions_with_transients) {
+ r->set_onsets (current_results);
 }
 regions_with_transients.clear ();
diff --git a/gtk2_ardour/rhythm_ferret.h b/gtk2_ardour/rhythm_ferret.h
index d406cc4a25..8a9901fee0 100644
--- a/gtk2_ardour/rhythm_ferret.h
+++ b/gtk2_ardour/rhythm_ferret.h
@@ -109,7 +109,7 @@ private:
 void clear_transients ();
 /** Regions that we have added transient marks to */
- RegionSelection regions_with_transients;
+ ARDOUR::RegionList regions_with_transients;
 AnalysisMode get_analysis_mode () const;
 Action get_action() const;
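Review bot: The member comment `/** Regions that we have added transient marks to */` in rhythm_ferret.h does not record the ownership change that makes this fix work: `regions_with_transients` now stores region references instead of view pointers, which is why `clear_transients()` stays valid after a split destroys the original AudioRegionView. I would extend it to something like `/** Regions (owning references, not RegionViews) that we have added transient marks to; the views may be destroyed by a split before clear_transients() runs */`. One side effect to confirm is that the dialog now appears to keep those regions alive until the next `clear_transients()`, so a region already dropped elsewhere would stay allocated and still receive `set_onsets()` in the clear_transients hunk; a `std::weak_ptr` locked at use would avoid that if it matters. The RegionList typedef is not visible on this page, so the ownership reading is inferred from `r->set_onsets` and the pointer cast in rhythm_ferret.cc.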