Introduce the problem
Continuation of #10.
To free resources added to obj from Lua code, we monitor if obj is deleted by event LV_EVENT_DELETE and clean up in the event callback.
https://github.com/XuNeo/luavgl/blob/964eeba9e9b8388cad3879965b31c2e1c755e806/src/obj.c#L846-L847
However, the event callback registered to lvgl is called from the code below.
https://github.com/lvgl/lvgl/blob/745ef50e65c2682f87adfa53b42daab9f2dfa685/src/misc/lv_event.c#L63-L86
Note the for loop is actually accessing the event array. So it's crucial not to mess up the array in the event callback we registered.
So the code below will report heap-use-after-free, because luavgl_obj_delete will remove events registered from Lua, thus modifying the event array while iterating it.
https://github.com/XuNeo/luavgl/blob/964eeba9e9b8388cad3879965b31c2e1c755e806/src/obj.c#L50-L69
Proposal
No response
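
Added example, not code from luavgl or LVGL and not the fix either project adopted: a simplified event list in C where removal requested from inside a callback is deferred until the dispatch loop finishes, so the array is never shifted or freed under the iterator. All type and function names here (`evt_list_t`, `evt_add`, `evt_remove`, `evt_send`, `on_delete`, `on_other`) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
/* Simplified model of an event list; all names are hypothetical, not LVGL API. */
typedef struct evt_list evt_list_t;
typedef void (*evt_cb_t)(evt_list_t *l, void *user_data);
typedef struct { evt_cb_t cb; void *user_data; int removed; } evt_dsc_t;
struct evt_list { evt_dsc_t *dsc; size_t cnt; int dispatching; };

int evt_add(evt_list_t *l, evt_cb_t cb, void *ud) {
    evt_dsc_t *p = realloc(l->dsc, (l->cnt + 1) * sizeof *p);
    if (!p) return -1;
    l->dsc = p;
    l->dsc[l->cnt++] = (evt_dsc_t){ cb, ud, 0 };
    return 0;
}

/* During dispatch only mark the slot: shifting or freeing would break the loop. */
void evt_remove(evt_list_t *l, size_t i) {
    if (l->dispatching) { l->dsc[i].removed = 1; return; }
    memmove(&l->dsc[i], &l->dsc[i + 1], (l->cnt - i - 1) * sizeof *l->dsc);
    if (--l->cnt == 0) { free(l->dsc); l->dsc = NULL; }
}

/* Calls every live callback and returns how many ran; compacts afterwards. */
int evt_send(evt_list_t *l) {
    int called = 0;
    l->dispatching++;
    for (size_t i = 0; i < l->cnt; i++) {
        if (l->dsc[i].removed) continue;   /* unregistered earlier in this loop */
        l->dsc[i].cb(l, l->dsc[i].user_data);
        called++;
    }
    if (--l->dispatching == 0)             /* outermost dispatch is done */
        for (size_t i = l->cnt; i-- > 0; )
            if (l->dsc[i].removed) evt_remove(l, i);
    return called;
}

/* Models a delete handler that unregisters every event from inside dispatch. */
void on_delete(evt_list_t *l, void *ud) {
    ++*(int *)ud;
    for (size_t i = l->cnt; i-- > 0; ) evt_remove(l, i);
}
void on_other(evt_list_t *l, void *ud) { (void)l; ++*(int *)ud; }

int main(void) {
    evt_list_t l = {0}; int hits = 0;
    evt_add(&l, on_delete, &hits); evt_add(&l, on_other, &hits);
    return (evt_send(&l) == 1 && l.cnt == 0) ? 0 : 1;
}
```

Building with `-fsanitize=address` is how a report like the heap-use-after-free above surfaces; dropping the `dispatching` check in `evt_remove` makes this model free the array while `evt_send` is still iterating it.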