This bug can be avoided by the attached patch to simgear.

I'd still prefer to really fix it in openscenegraph (with the earlier patch), but am offering this as an alternative if that is deemed too much for a freeze exception.
Description: Work around openscenegraph use-after-free bug

Calling openscenegraph's removeUpdateCallback(nc) when there are no other
references to nc creates a use-after-free condition, and hence a crash.
Avoid this by creating another reference before calling it.

Author: Rebecca N. Palmer <rebecca_pal...@zoho.com>
Bug-Debian: https://bugs.debian.org/765855

--- simgear-3.0.0.orig/simgear/scene/util/UpdateOnceCallback.cxx
+++ simgear-3.0.0/simgear/scene/util/UpdateOnceCallback.cxx
@@ -20,6 +20,7 @@
 #include "UpdateOnceCallback.hxx"
 
 #include <osg/Node>
+#include <osg/ref_ptr>
 
 namespace simgear
 {
@@ -27,6 +28,7 @@ using namespace osg;
 
 void UpdateOnceCallback::operator()(Node* node, NodeVisitor* nv)
 {
+    ref_ptr<UpdateOnceCallback> prevent_premature_deletion=this;
     doUpdate(node, nv);
     node->removeUpdateCallback(this);
     // The callback could be deleted now.
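Review bot: The added `ref_ptr<UpdateOnceCallback> prevent_premature_deletion=this;` line has no comment saying why the extra reference is taken, so a later cleanup could drop it as a seemingly unused local and bring the use-after-free back. Suggest a short comment above it that points at the bug from the patch header (https://bugs.debian.org/765855) and says the reference must outlive the `removeUpdateCallback(this)` call. The existing comment `// The callback could be deleted now.` is also no longer accurate with this change: while the local `ref_ptr` is in scope the object stays alive, and it can only be released when the function returns, so the comment should say that instead. This relies on the callback already being held by a `ref_ptr` elsewhere when `operator()` runs; if it were ever invoked on an instance with no other reference, the local `ref_ptr` going out of scope would itself delete `this`. Minor style point: put spaces around `=` to match the surrounding code.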
