Fix null pointer crash in Scheduler::animationTick by adding null check for uiManager_ #56128
Open
shubhamksavita wants to merge 1 commit into facebook:main
Summary:
## Summary
Fixes a null pointer dereference crash in `Scheduler::animationTick()` that occurs during shutdown race conditions.
### Root Cause Analysis
**The Symptom**: `uiManager_` is null when `Scheduler::animationTick()` is called, causing a crash at offset 0x50 from null when accessing members of `UIManager`.
**The Root Cause**: During shutdown, when `uninstallFabricUIManager()` is called, the Choreographer's animation frame callback (`doFrame`) can still arrive. While `FabricUIManagerBinding::driveCxxAnimations()` checks for null scheduler (added in D92986523), the internal `Scheduler::animationTick()` method didn't check if `uiManager_` is valid before dereferencing it:
```cpp
void Scheduler::animationTick() const {
  uiManager_->animationTick(); // No null check - crashes if uiManager_ is null
}
```
**The Fix**: Added a null check for `uiManager_` before accessing it, following the same defensive pattern used in `driveCxxAnimations()` and other methods in the codebase:
```cpp
void Scheduler::animationTick() const {
  if (!uiManager_) {
    return;
  }
  uiManager_->animationTick();
}
```
**Why This Fix Works**: It prevents the null pointer dereference by checking `uiManager_` validity before use. During shutdown, if the scheduler is accessed after `uiManager_` becomes invalid, the method will safely return instead of crashing.
### Related Diffs
- D92986523: Similar fix for null scheduler check in `driveCxxAnimations()`
Logview link: [b3d4c4d8f7e6dd50b09fb7df9a1ad66a](https://www.internalfb.com/logview/system_vros_crashes/b3d4c4d8f7e6dd50b09fb7df9a1ad66a)
Reviewed By: cortinico
Differential Revision: D93363797
@shubhamksavita has exported this pull request. If you are a Meta employee, you can view the originating Diff in D93363797.
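An added example, not code from the pull request or from React Native: a stand-alone model of the guard described above, which goes one step beyond the PR by taking a local snapshot of the pointer so the null check and the call use the same value even if teardown runs during the tick. It assumes `uiManager_` is a `std::shared_ptr` protected by a mutex; `teardown()`, `duringTick` and `shutdownRaceDemo()` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <mutex>
#include <utility>

// Hypothetical stand-ins for the PR's types, not React Native's declarations.
struct UIManager {
  std::function<void()> duringTick;  // hook: runs in the middle of a tick
  int ticks = 0;
  void animationTick() {
    if (duringTick) duringTick();  // teardown landing at the worst moment
    ++ticks;                       // touches *this after the hook returned
  }
};

class Scheduler {
 public:
  explicit Scheduler(std::shared_ptr<UIManager> ui) : uiManager_(std::move(ui)) {}
  // Returns true if a tick was delivered, false if the frame was dropped.
  bool animationTick() const {
    std::shared_ptr<UIManager> ui;
    {
      std::lock_guard<std::mutex> lock(mutex_);
      ui = uiManager_;  // snapshot: the check and the call see one pointer
    }
    if (!ui) return false;  // the PR's guard: frame arrived after teardown
    ui->animationTick();    // `ui` keeps the object alive until this returns
    return true;
  }

  void teardown() {  // assumed shutdown path: drop the scheduler's reference
    std::lock_guard<std::mutex> lock(mutex_);
    uiManager_.reset();
  }
 private:
  mutable std::mutex mutex_;
  std::shared_ptr<UIManager> uiManager_;
};

// Constructed scenario: teardown fires mid-tick, then a late frame arrives.
bool shutdownRaceDemo() {
  auto ui = std::make_shared<UIManager>();
  std::weak_ptr<UIManager> watch = ui;
  Scheduler scheduler(std::move(ui));  // scheduler is now the sole owner
  watch.lock()->duringTick = [&scheduler] { scheduler.teardown(); };
  bool first = scheduler.animationTick();  // survives teardown inside the tick
  bool late = scheduler.animationTick();   // dropped by the guard
  return first && !late && watch.expired();
}
```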
cortinico approved these changes Mar 17, 2026
cortinico (Contributor) left a comment:
Review automatically exported from Phabricator review in Meta.