[Bugfix] GridLayer::parent_grid is a dangling raw pointer when grid is destroyed #270

New issue

Closed

opened 2026-03-07 23:22:36 +00:00 by john · 2 comments

john commented 2026-03-07 23:22:36 +00:00

Owner

Copy link

Summary

GridLayer stores its parent grid as a raw UIGrid* pointer (GridLayers.h:34). When the owning grid is destroyed, this pointer is not automatically nullified. If a Python-side reference to the layer outlives the grid, any method that accesses parent_grid dereferences freed memory.

Root Cause

GridLayers.h:34:

class GridLayer {
    ...
    UIGrid* parent_grid;   // Parent grid reference
    ...
};

This raw pointer is used extensively in GridLayers.cpp:

• Line 304, 309, 313: FOV computation via parent_grid->computeFOV()
• Line 319: FOV query via parent_grid->isInFOV()
• Line 361, 366, 367: Perspective update via parent_grid->fov_radius

While some access points check if (!parent_grid), the pointer itself becomes dangling (non-NULL but invalid) when the grid is destroyed — the check passes but the dereference is UB.

Reproduction

import mcrfpy

grid = mcrfpy.Grid(grid_size=(10, 10))
layer = mcrfpy.TileLayer(name="terrain", z_index=0, texture=some_texture)
grid.add_layer(layer)

# Keep reference to layer, destroy grid
del grid
# layer.parent_grid is now dangling

# Any operation that accesses parent_grid will crash
layer.grid = another_grid  # Setter reads parent_grid internally

Note: The grid setter code (GridLayers.cpp:1624, 2259) does check if (!self->data->parent_grid), but a dangling pointer won't be NULL — it will appear valid and dereference freed memory.

Fix Options

1. Use std::shared_ptr<UIGrid>: Keeps grid alive while layers reference it — but creates ownership issues since grid owns layers
2. Use std::weak_ptr<UIGrid>: Best option. Grid stays as owner, layers hold weak references. Check .lock() before access.
3. Invalidation on destruction: Grid destructor sets all layers' parent_grid = nullptr. Requires tracking.

Option 2 (weak_ptr) is cleanest: it mirrors the pattern already used by PyUniformCollectionObject::owner.

Severity

Medium — requires grid to be destroyed while layer references exist. Currently uncommon in practice because grids tend to live longer than their layers, but becomes important with dynamic scene management.

## Summary `GridLayer` stores its parent grid as a raw `UIGrid*` pointer (`GridLayers.h:34`). When the owning grid is destroyed, this pointer is not automatically nullified. If a Python-side reference to the layer outlives the grid, any method that accesses `parent_grid` dereferences freed memory. ## Root Cause `GridLayers.h:34`: ```cpp class GridLayer { ... UIGrid* parent_grid; // Parent grid reference ... }; ``` This raw pointer is used extensively in `GridLayers.cpp`: - Line 304, 309, 313: FOV computation via `parent_grid->computeFOV()` - Line 319: FOV query via `parent_grid->isInFOV()` - Line 361, 366, 367: Perspective update via `parent_grid->fov_radius` While some access points check `if (!parent_grid)`, the pointer itself becomes dangling (non-NULL but invalid) when the grid is destroyed — the check passes but the dereference is UB. ## Reproduction ```python import mcrfpy grid = mcrfpy.Grid(grid_size=(10, 10)) layer = mcrfpy.TileLayer(name="terrain", z_index=0, texture=some_texture) grid.add_layer(layer) # Keep reference to layer, destroy grid del grid # layer.parent_grid is now dangling # Any operation that accesses parent_grid will crash layer.grid = another_grid # Setter reads parent_grid internally ``` **Note**: The grid setter code (`GridLayers.cpp:1624, 2259`) does check `if (!self->data->parent_grid)`, but a dangling pointer won't be NULL — it will appear valid and dereference freed memory. ## Fix Options 1. **Use `std::shared_ptr<UIGrid>`**: Keeps grid alive while layers reference it — but creates ownership issues since grid owns layers 2. **Use `std::weak_ptr<UIGrid>`**: Best option. Grid stays as owner, layers hold weak references. Check `.lock()` before access. 3. **Invalidation on destruction**: Grid destructor sets all layers' `parent_grid = nullptr`. Requires tracking. Option 2 (weak_ptr) is cleanest: it mirrors the pattern already used by `PyUniformCollectionObject::owner`. ## Severity **Medium** — requires grid to be destroyed while layer references exist. Currently uncommon in practice because grids tend to live longer than their layers, but becomes important with dynamic scene management.

john referenced this issue 2026-03-07 23:25:45 +00:00

[Bugfix] GridChunk::parent_grid raw pointer can dangle #277

john referenced this issue 2026-03-07 23:26:21 +00:00

[Meta] Engine memory safety audit — 7DRL 2026 post-mortem #279

john added the

Bugfix

label 2026-03-08 00:01:04 +00:00

john added a new dependency 2026-03-08 21:07:33 +00:00

#252 GridView and Grid, FOVLayer and PathLayer

john commented 2026-03-08 21:07:50 +00:00

Author

Owner

Copy link

Deferred from the #258–#278 memory safety audit. The raw UIGrid* pointer issue is naturally resolved by #252 (GridMap/GridView split), which replaces UIGrid entirely. GridLayer::parent_grid will change from UIGrid* to GridMap* with proper lifetime management as part of that architecture change. Linked as dependency of #252.

Deferred from the #258–#278 memory safety audit. The raw `UIGrid*` pointer issue is naturally resolved by #252 (GridMap/GridView split), which replaces `UIGrid` entirely. GridLayer::parent_grid will change from `UIGrid*` to `GridMap*` with proper lifetime management as part of that architecture change. Linked as dependency of #252.

john referenced this issue 2026-03-15 20:17:53 +00:00

GridView and Grid, FOVLayer and PathLayer #252

john commented 2026-03-15 20:18:09 +00:00

Author

Owner

Copy link

Roadmap context

Folded into #252 (Grid/GridView split) in the Grid & Entity Overhaul Roadmap (docs/GRID_ENTITY_OVERHAUL_ROADMAP.md), Phase 4. During the split, all raw UIGrid* pointers in GridLayer, UIGridPoint, and GridChunk will be converted to weak_ptr<Grid>.

## Roadmap context Folded into #252 (Grid/GridView split) in the Grid & Entity Overhaul Roadmap (`docs/GRID_ENTITY_OVERHAUL_ROADMAP.md`), **Phase 4**. During the split, all raw `UIGrid*` pointers in GridLayer, UIGridPoint, and GridChunk will be converted to `weak_ptr<Grid>`.

john referenced this issue from a commit 2026-03-16 22:23:55 +00:00

Phase 4.1: Extract GridData base class from UIGrid (#252, #270, #271, #277)

john referenced this issue 2026-04-04 08:34:50 +00:00

GridView and Grid, FOVLayer and PathLayer #252

john referenced this issue from a commit 2026-04-10 05:09:18 +00:00

Add issue triage document for all 46 open issues

john referenced this issue 2026-04-10 05:35:16 +00:00

[Meta] Engine memory safety audit — 7DRL 2026 post-mortem #279

john referenced this issue from a commit 2026-04-10 05:46:54 +00:00

Null parent_grid pointers in GridData destructor, closes #270, closes #271, closes #277

john closed this issue 2026-04-10 05:46:54 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

threedee

emscripten-mcrogueface

rogueliketutorial25

alpha_presentable

alpha_streamline_2

alpha_streamline_1

interpreter_mode

grid_entity_integration

reprs_and_member_names

break_up_ui_h

standardize_font_handling

standardize_vector_handling

standardize_color_handling

standardize_texture_handling

raii_pyobjects

rebase-for-7DRL_Feb-2024

engjam_uicollection

engjam_ui_overhaul

0.2.3-prerelease-7drl2026-emscripten

Labels

Clear labels   

Alpha Release Requirement

This issue is a blocker to 0.1 Alpha release of McRogueFace.

  

Bugfix

  

Demo Target

Functionality to demonstrate; Depends on new features, but this issue isn't for writing them.

  

Documentation

  

Major Feature

Significant time and effort required.

  

Minor Feature

Some effort required to create or overhaul functionality.

  

priority:tier1-active

Current development focus - critical path to v1.0

  

priority:tier2-foundation

Important foundation work - not blocking v1.0

  

priority:tier3-future

Future features - deferred until after v1.0

  

priority:tier4-deferred

  

Refactoring & Cleanup

no new functionality, just improving the codebase.

  

system:animation

Animation and property interpolation

  

system:documentation

Documentation infrastructure

  

system:grid

Grid system and spatial containers

  

system:input

Input handling and events

  

system:performance

Performance optimization and profiling

  

system:procgen

Procedural Generation (Noise, BSP, Heightmap)

  

system:python-binding

Python/C++ binding layer

  

system:rendering

Rendering pipeline and visuals

  

system:ui-hierarchy

UI component hierarchy and composition

  

Tiny Feature

quick and easy - a few lines or with little interconnection around the codebase

  

workflow:blocked

Blocked by other work - waiting on dependencies

  

workflow:needs-benchmark

Needs performance testing and benchmarks

  

workflow:needs-documentation

Needs documentation before or after implementation

No labels

Alpha Release Requirement

Bugfix

Demo Target

Documentation

Major Feature

Minor Feature

priority:tier1-active

priority:tier2-foundation

priority:tier3-future

priority:tier4-deferred

Refactoring & Cleanup

system:animation

system:documentation

system:grid

system:input

system:performance

system:procgen

system:python-binding

system:rendering

system:ui-hierarchy

Tiny Feature

workflow:blocked

workflow:needs-benchmark

workflow:needs-documentation

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Depends on

#252 GridView and Grid, FOVLayer and PathLayer

john/McRogueFace

Reference

john/McRogueFace#270

No description provided.