Bug in CCScheduler::unscheduleAllSelectors?

Bug in CCScheduler::unscheduleAllSelectors?
0.0 0


I’m not sure, but this looks like a bug to me (resulting in a crash):

in CCScheduler::unscheduleAllSelectors, unscheduleAllSelectorsForTarget is called and in the next line pElement is accessed:

  pElement = (tHashSelectorEntry *)pElement->hh.next;

in unscheduleAllSelectorsForTarget, the same pElement seems to be resolved from target:

  tHashSelectorEntry *pElement = NULL;
  HASH_FIND_INT(m_pHashForSelectors, &pTarget, pElement);

and later removed and freed:

   removeHashElement(pElement); // <-- this method frees pElement!

now pElement~~>hh.next in unscheduleAllSelectors breaks.
My simple suggestion would be to assign pElement~~>hh.next to a temporary before calling unscheduleAllSelectorsForTarget.

I’m not sure if this is really a bug, or if this results from a wrong API usage in our code.


Yes, you are right.
Thank you.
#518 is created for this bug.