Fix use-after-free crash in UI callbacks on rebase#1048
Open
Conversation
plafosse
reviewed
Apr 6, 2026
ui/ui.cpp
Outdated
| frame->navigate(m_controller->GetData(), address, true, true); | ||
| } | ||
|
|
||
| openDebuggerSideBar(frame); |
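Review bot: the openDebuggerSideBar(frame) call after navigate() is a sidebar-focus behavior change unrelated to the use-after-free fix this PR describes; per the discussion that focus was deliberately dropped in #1032, so confirm this line is intended in this PR rather than reintroduced by the rebase, and if it is intended, mention it in the summary.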
Member
What's the purpose of this? Seems like a behavior change.
Member
Author
This is a change introduced earlier: #1032. The reason that I wanted it to no longer focus the debugger sidebar is that if the user is using sidekick to automate the debugger, this will cause the sidekick sidebar to lose focus.
I think I made some git mistake so that it gets wiped out unexpectedly. I will add it back
Member
Author
I force-pushed to rebase it on top of dev. dev now already has the change.
When the user closes a binary view tab while a debug session is still running (e.g., during a slow launch), the DebuggerUI is destroyed but the DebuggerController persists via reference counting. If the controller subsequently processes a target stop and calls RebaseToAddress(), it invokes NotifyRebaseBinaryView() through the now-dangling UI callback pointer, causing a SIGSEGV. Fix by unregistering the UI callbacks from the controller in the DebuggerUI destructor before deleting them. SetDebuggerUICallbacks now accepts nullptr to clear the callbacks. The existing null check in RebaseToAddress() ensures that any rebase attempt after UI destruction safely returns false instead of crashing.

Fixes #1039

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
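The lifetime bug and its fix, as an added C++ illustration that is not the project's code (the type and method names are stand-ins modelled on the ones named above, and are assumed): the controller outlives the UI, so the destructor must clear the registration before freeing the callback object, and the null check turns the late rebase into a harmless false.

```cpp
#include <cstdint>
#include <memory>
struct DebuggerUICallbacks { // hypothetical stand-in, not the project's real interface
    virtual ~DebuggerUICallbacks() = default;
    virtual void NotifyRebaseBinaryView(uint64_t address) = 0;
};
// The controller holds a non-owning pointer; shared_ptr stands in for its reference counting.
class DebuggerController {
    DebuggerUICallbacks* m_uiCallbacks = nullptr;
public:
    void SetDebuggerUICallbacks(DebuggerUICallbacks* cb) { m_uiCallbacks = cb; } // nullptr clears
    bool RebaseToAddress(uint64_t address) { // late target stop: with no UI, return false, no deref
        if (!m_uiCallbacks) return false;
        m_uiCallbacks->NotifyRebaseBinaryView(address);
        return true;
    }
};
// The UI owns the callback object and must unregister it before deleting it.
class DebuggerUI {
    struct Callbacks : DebuggerUICallbacks {
        uint64_t lastAddress = 0;
        void NotifyRebaseBinaryView(uint64_t address) override { lastAddress = address; }
    };
    std::shared_ptr<DebuggerController> m_controller;
    Callbacks* m_callbacks;
public:
    explicit DebuggerUI(std::shared_ptr<DebuggerController> c)
        : m_controller(c), m_callbacks(new Callbacks) {
        m_controller->SetDebuggerUICallbacks(m_callbacks);
    }
    ~DebuggerUI() {
        m_controller->SetDebuggerUICallbacks(nullptr); // the fix: clear the pointer first
        delete m_callbacks;                             // now nothing can reach freed memory
    }
    uint64_t lastNotifiedAddress() const { return m_callbacks->lastAddress; }
};
struct ScenarioResult { bool rebasedWhileOpen; uint64_t notified; bool rebasedAfterClose; };
// Tab closed while the controller is still held elsewhere, then a late rebase arrives.
ScenarioResult runScenario() {
    auto controller = std::make_shared<DebuggerController>(); // this handle outlives the UI
    ScenarioResult r{};
    {
        DebuggerUI ui(controller);
        r.rebasedWhileOpen = controller->RebaseToAddress(0x400000);
        r.notified = ui.lastNotifiedAddress();
    } // ~DebuggerUI runs: unregister, then delete
    r.rebasedAfterClose = controller->RebaseToAddress(0x401000); // dangling deref before the fix
    return r;
}
```

Swapping the two statements in ~DebuggerUI() reproduces the original ordering, where the controller is left holding a pointer into freed memory for the next stop event.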
Summary
Unregister the UI callbacks from the DebuggerController in ~DebuggerUI() before deleting them, preventing a use-after-free crash when the controller processes a rebase after the UI is destroyed. SetDebuggerUICallbacks now accepts nullptr to clear the callbacks. The existing null check in RebaseToAddress() ensures any rebase attempt after UI destruction safely returns false.
Test plan
Fixes #1039
🤖 Generated with Claude Code