From 2bfdbc161b4bef039d89105f0fcdf6cee0089e98 Mon Sep 17 00:00:00 2001 From: Robin Gareus Date: Sat, 10 Jan 2026 03:42:51 +0100 Subject: [PATCH] Fix heap-use-after-free when drawing automation events When drawing over existing automation it can happen that the range that is being replaced is currently being in the lookup cache. --- libs/evoral/ControlList.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/libs/evoral/ControlList.cc b/libs/evoral/ControlList.cc index 26ac4b3e2f..185454eb58 100644 --- a/libs/evoral/ControlList.cc +++ b/libs/evoral/ControlList.cc @@ -739,7 +739,13 @@ ControlList::editor_add_ordered (OrderedPoints const & points, bool with_guard) timecnt_t distance = earliest.distance (latest); - (void) erase_range_internal (earliest, latest, _events); + if (erase_range_internal (earliest, latest, _events)) { + /* invalidate lookup cache + * This is required since add_guard_point () may use the + * cache to determine the value. + */ + mark_dirty (); + } if (with_guard) { unlocked_invalidate_insert_iterator ();