Fix null pointer crash in Scheduler::animationTick by adding null check for uiManager_ (#56128) (#56128) #57327
Closed
shubhamksavita wants to merge 1 commit into
…ck for uiManager_ (#56128) (#56128)

Summary:
Changelog: [Android] [Fixed] - Fix crash in Scheduler::animationTick when uiManager_ is null.

Test Plan:
CI

Fixes a null pointer dereference crash in `Scheduler::animationTick()` that occurs during shutdown race conditions.

### Root Cause Analysis

**The Symptom**: `uiManager_` is null when `Scheduler::animationTick()` is called, causing a crash at offset 0x50 from null when accessing members of `UIManager`.

**The Root Cause**: During shutdown, when `uninstallFabricUIManager()` is called, the Choreographer's animation frame callback (`doFrame`) can still arrive. While `FabricUIManagerBinding::driveCxxAnimations()` checks for null scheduler (added in D92986523), the internal `Scheduler::animationTick()` method didn't check if `uiManager_` is valid before dereferencing it:

```cpp
void Scheduler::animationTick() const {
  uiManager_->animationTick(); // No null check - crashes if uiManager_ is null
}
```

**The Fix**: Added a null check for `uiManager_` before accessing it, following the same defensive pattern used in `driveCxxAnimations()` and other methods in the codebase:

```cpp
void Scheduler::animationTick() const {
  if (!uiManager_) {
    return;
  }
  uiManager_->animationTick();
}
```

**Why This Fix Works**: It prevents the null pointer dereference by checking `uiManager_` validity before use. During shutdown, if the scheduler is accessed after `uiManager_` becomes invalid, the method will safely return instead of crashing.

### Related Diffs

- D92986523: Similar fix for null scheduler check in `driveCxxAnimations()`

Logview link: [b3d4c4d8f7e6dd50b09fb7df9a1ad66a](https://www.internalfb.com/logview/system_vros_crashes/b3d4c4d8f7e6dd50b09fb7df9a1ad66a)

CI

Differential Revision: D93363797

Pulled By: shubhamksavita
@shubhamksavita has exported this pull request. If you are a Meta employee, you can view the originating Diff in D93363797.
cortinico approved these changes Jun 24, 2026

cortinico (Contributor) left a comment:

Review automatically exported from Phabricator review in Meta.
@shubhamksavita merged this pull request in e73592b.
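
The late-frame ordering described in the pull request, replayed as an added example that is not part of the pull request or of React Native's code. `ToyUIManager`, `ToyScheduler`, `tickChecked`, `tickSnapshot` and the `std::shared_ptr` member are assumptions made for illustration; the snapshot variant goes beyond the PR and covers the case where the reset can run on a different thread from the tick, which the page does not state either way.

```cpp
// Added illustration: ToyUIManager/ToyScheduler are hypothetical stand-ins, not
// React Native's classes; holding uiManager_ in a std::shared_ptr is an assumption.
#include <memory>
#include <mutex>

struct ToyUIManager { int ticks = 0; void animationTick() { ++ticks; } };

class ToyScheduler {
 public:
  explicit ToyScheduler(std::shared_ptr<ToyUIManager> m) : uiManager_(m) {}
  // Shutdown path: drops the manager while frame callbacks may still arrive.
  void uninstall() {
    std::lock_guard<std::mutex> lock(mutex_);
    uiManager_.reset();
  }
  // Guard in the shape of the PR's fix: test the member, then dereference it.
  // Sufficient when the reset and the tick cannot interleave.
  bool tickChecked() const {
    if (!uiManager_) return false;
    uiManager_->animationTick();
    return true;
  }
  // Snapshot variant for a reset on another thread: copy the pointer under the
  // lock, then use only the copy, which keeps the object alive during the call.
  bool tickSnapshot() const {
    std::unique_lock<std::mutex> lock(mutex_);
    std::shared_ptr<ToyUIManager> local = uiManager_;
    lock.unlock();
    if (!local) return false;
    local->animationTick();
    return true;
  }

 private:
  mutable std::mutex mutex_;
  std::shared_ptr<ToyUIManager> uiManager_;
};

// Replays the PR's ordering: normal frame, uninstall, two late frames.
// Returns the ticks that reached the manager, or -1 if a late frame got through.
int replayShutdownOrdering() {
  auto manager = std::make_shared<ToyUIManager>();
  ToyScheduler scheduler(manager);
  bool first = scheduler.tickSnapshot();
  scheduler.uninstall();
  bool late = scheduler.tickChecked() || scheduler.tickSnapshot();
  return (first && !late) ? manager->ticks : -1;
}
int main() { return replayShutdownOrdering() == 1 ? 0 : 1; }
```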