From 5373cf1cd5e2899c7d9fd7976ec39fbf4e5efc95 Mon Sep 17 00:00:00 2001
From: elsid <elsid.mail@gmail.com>
Date: Sat, 15 May 2021 12:36:37 +0200
Subject: [PATCH] Replace raw pointer by observer_ptr to avoid dangling pointer
 dereferencing

When game exit is requests when initial loading screen is active LightManager
can be destructed in the main thread before LightManagerStateAttribute::apply
is completed by different thread. Given that it uses raw pointer at some point
it becomes dangling because object is destructed this leads to UB and eventual
SIGSEGV.
---
 components/sceneutil/lightmanager.cpp | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/components/sceneutil/lightmanager.cpp b/components/sceneutil/lightmanager.cpp
index b5c7af780c..00c19dd402 100644
--- a/components/sceneutil/lightmanager.cpp
+++ b/components/sceneutil/lightmanager.cpp
@@ -731,7 +731,7 @@ namespace SceneUtil
 
         META_StateAttribute(NifOsg, LightManagerStateAttribute, osg::StateAttribute::LIGHT)
 
-        void initSharedLayout(osg::GLExtensions* ext, int handle) const
+        void initSharedLayout(osg::GLExtensions* ext, int handle, LightManager& lightManager) const
         {
             constexpr std::array<unsigned int, 1> index = { static_cast<unsigned int>(Shader::UBOBinding::LightBuffer) };
             int totalBlockSize = -1;
@@ -753,13 +753,17 @@ namespace SceneUtil
 
             for (int i = 0; i < 2; ++i)
             {
-                auto& buf = mLightManager->getLightBuffer(i);
+                auto& buf = lightManager.getLightBuffer(i);
                 buf->configureLayout(offsets[0], offsets[1], offsets[2], totalBlockSize, stride);
             }
         }
 
         void apply(osg::State& state) const override
         {
+            osg::ref_ptr<LightManager> lightManager;
+            if (!mLightManager.lock(lightManager))
+                return;
+
             if (!mInitLayout)
             {
                 mDummyProgram->apply(state);
@@ -772,12 +776,12 @@ namespace SceneUtil
                 // wait until the UBO binding is created
                 if (activeUniformBlocks > 0)
                 {
-                    initSharedLayout(ext, handle);
+                    initSharedLayout(ext, handle, *lightManager);
                     mInitLayout = true;
                 }
             }
-            mLightManager->getLightBuffer(state.getFrameStamp()->getFrameNumber())->uploadCachedSunPos(state.getInitialViewMatrix());
-            mLightManager->getLightBuffer(state.getFrameStamp()->getFrameNumber())->dirty();
+            lightManager->getLightBuffer(state.getFrameStamp()->getFrameNumber())->uploadCachedSunPos(state.getInitialViewMatrix());
+            lightManager->getLightBuffer(state.getFrameStamp()->getFrameNumber())->dirty();
         }
 
     private:
@@ -807,7 +811,7 @@ namespace SceneUtil
             return shader;
         }
 
-        LightManager* mLightManager;
+        osg::observer_ptr<LightManager> mLightManager;
         osg::ref_ptr<osg::Program> mDummyProgram;
         mutable bool mInitLayout;
     };