
foobar2000 SDK bug: use after free in `fb2k::callLater`

It seems there is a bug in SDK 2023-09-23:

- The `fb2k::callLater` method registers a timer and stores it in a smart pointer.
- The smart pointer and the user callback are captured by value in a lambda that is stored inside the timer object.
- During lambda execution, it releases the smart pointer first and then calls the user callback.
- Since the smart pointer was released, all the data stored inside is invalidated, including the user callback, which results in UB and a crash.

The fix seems to be rather straightforward: invoke the callback first, then release the pointer.

Relevant code: https://github.com/TheQwertiest/foobar2000-sdk/blob/8a9de5849e0950aebbbd8e27e7c17043b00be261/SDK/utility.cpp#L139
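
The ordering problem described in the post above, as an added C++ model that is not part of the original post and is not foobar2000 SDK code. `Timer`, `TimerRef`, `FireLog`, `callLaterModel` and `runOnce` are hypothetical names, and the model assumes the handle captured by the closure is the timer's only owner; the release-first branch records the lifetime state and skips the invalid call so the program stays defined.

```cpp
#include <functional>
#include <memory>

// Constructed model, not foobar2000 SDK code; every name here is hypothetical.
struct FireLog {
    std::weak_ptr<int> watch;  // observes state owned only by the user callback
    bool aliveAtCall = false;  // was that state alive when the callback was due?
    int seen = -1;             // value the callback read, if it ran
};
struct Timer { std::function<void(FireLog&)> onFire; };
using TimerRef = std::shared_ptr<Timer>;

// One-shot timer whose only owner is the closure stored inside it.
Timer* callLaterModel(std::function<void(FireLog&)> cb, bool releaseFirst) {
    auto self = std::make_shared<TimerRef>(std::make_shared<Timer>());
    Timer* raw = self->get();
    raw->onFire = [self, cb, releaseFirst](FireLog& log) {
        if (releaseFirst) {
            // Reported order: dropping the last reference destroys the Timer,
            // onFire, and with it this closure's copies of self and cb.
            self->reset();
            log.aliveAtCall = !log.watch.expired();
            // cb(log) at this point would use a destroyed std::function,
            // so the model records the state and skips the call.
        } else {
            // Suggested order: run the callback while the captures are alive.
            log.aliveAtCall = !log.watch.expired();
            cb(log);
            self->reset();  // no capture is touched after this line
        }
    };
    return raw;
}

// Fires one timer through a non-owning pointer, as an event loop would.
FireLog runOnce(bool releaseFirst) {
    auto state = std::make_shared<int>(42);
    FireLog log;
    log.watch = state;
    Timer* t = callLaterModel([state](FireLog& l) { l.seen = *state; }, releaseFirst);
    state.reset();  // the queued callback is now the sole owner of the int
    t->onFire(log);
    return log;
}

int main() {
    FireLog bad = runOnce(true), good = runOnce(false);
    return (!bad.aliveAtCall && good.aliveAtCall && good.seen == 42) ? 0 : 1;
}
```

Building the real call path with AddressSanitizer (`-fsanitize=address`) is a practical way to confirm this class of bug and to check that a reordered version no longer touches freed captures.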


 

Re: foobar2000 SDK bug: use after free in `fb2k::callLater`

Reply #1
Problem noted, thanks for reporting.
Microsoft Windows: We can't script here, this is bat country.