From 409ff027f8adaba73ccf827eaa7856175fa7764d Mon Sep 17 00:00:00 2001
From: outfoxxed
Date: Mon, 29 May 2023 00:51:58 -0700
Subject: [PATCH] Fix UAF in animation end callback if callback deletes the animation (#2389)

Removes use after free when the end callback deletes the animation as long as `m_bRemoveEndAfterRan` is false.
---
 src/helpers/AnimatedVariable.hpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/helpers/AnimatedVariable.hpp b/src/helpers/AnimatedVariable.hpp
index 58efb956..d819ce1f 100644
--- a/src/helpers/AnimatedVariable.hpp
+++ b/src/helpers/AnimatedVariable.hpp
@@ -268,8 +268,10 @@ class CAnimatedVariable {
 // methods
 void onAnimationEnd() {
 if (m_fEndCallback) {
+ // loading m_bRemoveEndAfterRan before calling the callback allows the callback to delete this animation safely if it is false.
+ auto removeEndCallback = m_bRemoveEndAfterRan;
 m_fEndCallback(this);
- if (m_bRemoveEndAfterRan)
+ if (removeEndCallback)
 m_fEndCallback = nullptr; // reset
 }
 }
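Review bot: The write `m_fEndCallback = nullptr` after `m_fEndCallback(this)` still touches freed memory when the callback deletes the animation and `m_bRemoveEndAfterRan` is true, so the fix rests on a caller contract that only the new comment records and nothing enforces. The callable is also a member of the object being destroyed; if `m_fEndCallback` is a `std::function` (its declaration is outside this hunk), its captured state is torn down while the callback is still executing. Copying the callable to a local and clearing the member before the call covers both cases: `auto callback = m_fEndCallback;`, `if (m_bRemoveEndAfterRan) m_fEndCallback = nullptr;`, `callback(this);`. One behaviour change to confirm with that ordering: an end callback registered from inside the callback would no longer be cleared afterwards.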