Use-after-free problem with FileChooser on ios

General JUCE discussion
1

Edit: it appears to run on a real ios device, so maybe not a real problem.

I’m having a use-after-free crash with the FileChooser on ios in this very basic
example. Works fine on Macos. The FileChooser object is allocated in the
MainComponent constructor and stored as a data member, so I don’t see how it
could be desroyed before the lambda runs. According to the address
sanitizer report it looks like the problem is with the FileChooser::Native being
used after it is freed. Am I using the FileChooser incorrectly here?

Run on the ios simulator 18.1 on macos 15.3.1 M1

JUCE on  develop via △ v3.31.5 
❯ git log -1 --format="%h - %cr"

4362f9e0df - 8 hours ago

JUCE on  develop via △ v3.31.5 
❯ date
Mon Mar 17 18:14:45 EDT 2025

#include "MainComponent.h"

//==============================================================================
MainComponent::MainComponent()
{
    setSize (600, 400);
     fileChooser = std::make_unique<juce::FileChooser>("Select a file...",
                                                     juce::File::getSpecialLocation(juce::File::userHomeDirectory),
                                                     "*.mp3;*.wav;*.aiff;*.m4a;*.ogg;*.flac");

// have also tried this:
//  fileChooser = std::make_unique<juce::FileChooser>("Select a file...",
//                                                    juce::File::getSpecialLocation(juce::File::userHomeDirectory),
//                                                     "*.mp3;*.wav;*.aiff;*.m4a;*.ogg;*.flac", true, false, this);
    
                                                       
    
  
    fileChooserButton.setButtonText("Choose File");
    fileChooserButton.onClick = [this]() { openFileChooser(); };
    addAndMakeVisible(fileChooserButton);
}

MainComponent::~MainComponent()
{
}

//==============================================================================
void MainComponent::paint (juce::Graphics& g)
{
    // (Our component is opaque, so we must completely fill the background with a solid colour)
    g.fillAll (getLookAndFeel().findColour (juce::ResizableWindow::backgroundColourId));

    g.setFont (juce::FontOptions (16.0f));
    g.setColour (juce::Colours::white);
    g.drawText ("Hello World!", getLocalBounds(), juce::Justification::centred, true);
}

void MainComponent::resized()
{
    auto bounds = getLocalBounds();
    fileChooserButton.setBounds(bounds.reduced(20).withHeight(30));
}

void MainComponent::openFileChooser()
{
     auto chooserFlags = juce::FileBrowserComponent::openMode |
                       juce::FileBrowserComponent::canSelectFiles;
    
    fileChooser->launchAsync(chooserFlags, [this](const juce::FileChooser& fc)
    {
        auto file = fc.getResults().getFirst();
        if (file != juce::File{})
        {
            DBG("Selected file: " << file.getFullPathName());
        }
    });
}

#pragma once

#include <JuceHeader.h>

//==============================================================================
/*
    This component lives inside our window, and this is where you should put all
    your controls and content.
*/
class MainComponent  : public juce::Component
{
public:
    //==============================================================================
    MainComponent();
    ~MainComponent() override;

    //==============================================================================
    void paint (juce::Graphics&) override;
    void resized() override;

private:
    //==============================================================================
    void openFileChooser();
    
    juce::TextButton fileChooserButton;
    std::unique_ptr<juce::FileChooser> fileChooser;

    JUCE_DECLARE_NON_COPYABLE_WITH_LEAK_DETECTOR (MainComponent)
};

FileChooser(35530,0x1068ec200) malloc: enabling scribbling to detect mods to free blocks
JUCE v8.0.6
Selected file: /Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Shared/AppGroup/E8FDEBD7-50D8-4A9D-953A-60E53CF773F9/File Provider Storage/Stuff/gardens-stylish-chill-303261 3.mp3
=================================================================
==35530==ERROR: AddressSanitizer: heap-use-after-free on address 0x00010c351738 at pc 0x0001044f6edc bp 0x00016d53f2f0 sp 0x00016d53f2e8
READ of size 8 at 0x00010c351738 thread T0
    #0 0x1044f6ed8 in juce::ReferenceCountedObjectPtr<juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::SharedPointer>::operator==(std::nullptr_t) const+0x94 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c3aed8)
    #1 0x1044f6bb8 in juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::Master::getSharedPointer(juce::Component*)+0xb0 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c3abb8)
    #2 0x1044f6a94 in juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::getRef(juce::Component*)+0xcc (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c3aa94)
    #3 0x1044f69b4 in juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::WeakReference(juce::Component*)+0x6c (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c3a9b4)
    #4 0x103eb46b4 in juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::WeakReference(juce::Component*)+0x6c (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1015f86b4)
    #5 0x103ef7114 in juce::Component::exitModalState(int)+0x1d0 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10163b114)
    #6 0x1041fda98 in juce::FileChooser::Native::passResultsToInitiator(juce::Array<juce::URL, juce::DummyCriticalSection, 0>)+0xa8 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101941a98)
    #7 0x1041fd4d8 in invocation function for block in juce::FileChooser::Native::didPickDocumentsAtURLs(NSArray<NSURL*>*)+0x848 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1019414d8)
    #8 0x180fca80c in -[NSFileCoordinator _invokeAccessor:thenCompletionHandler:]+0x50 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x7f280c)
    #9 0x180fcada0 in __66-[NSFileCoordinator coordinateAccessWithIntents:queue:byAccessor:]_block_invoke+0x5c (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x7f2da0)
    #10 0x180fce294 in __78-[NSFileCoordinator(NSPrivate) _coordinateAccessWithIntents:queue:byAccessor:]_block_invoke_5+0x8c (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x7f6294)
    #11 0x180e9fc68 in __NSINDEXSET_IS_CALLING_OUT_TO_A_BOOL_BLOCK__+0xc (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x6c7c68)
    #12 0x180efd2f8 in -[NSBlockOperation main]+0x60 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x7252f8)
    #13 0x180efffb8 in __NSOPERATION_IS_INVOKING_MAIN__+0x8 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x727fb8)
    #14 0x180efc51c in -[NSOperation start]+0x268 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x72451c)
    #15 0x180f0072c in __NSOPERATIONQUEUE_IS_STARTING_AN_OPERATION__+0x8 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x72872c)
    #16 0x180f00434 in __NSOQSchedule_f+0xa4 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/Foundation.framework/Foundation:arm64+0x728434)
    #17 0x106b93414 in __wrap_dispatch_async_block_invoke+0xb8 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/Frameworks/libclang_rt.asan_iossim_dynamic.dylib:arm64+0x4f414)
    #18 0x1065c0ebc in _dispatch_call_block_and_release+0x14 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/introspection/libdispatch.dylib:arm64+0x4ebc)
    #19 0x1065c27b4 in _dispatch_client_callout+0xc (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/introspection/libdispatch.dylib:arm64+0x67b4)
    #20 0x1065d2458 in _dispatch_main_queue_drain+0x4c4 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/introspection/libdispatch.dylib:arm64+0x16458)
    #21 0x1065d1f80 in _dispatch_main_queue_callback_4CF+0x24 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/usr/lib/system/introspection/libdispatch.dylib:arm64+0x15f80)
    #22 0x18041b2d8 in __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__+0x8 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x902d8)
    #23 0x180415834 in __CFRunLoopRun+0x794 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x8a834)
    #24 0x180414c20 in CFRunLoopRunSpecific+0x224 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x89c20)
    #25 0x19020ab0c in GSEventRunModal+0x9c (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices:arm64+0x3b0c)
    #26 0x185ad82f8 in -[UIApplication _run]+0x318 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore:arm64+0xe382f8)
    #27 0x185adc4f0 in UIApplicationMain+0x78 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/PrivateFrameworks/UIKitCore.framework/UIKitCore:arm64+0xe3c4f0)
    #28 0x103e9911c in juce::juce_iOSMain(int, char const**, void*)+0x80 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1015dd11c)
    #29 0x102b73a60 in juce::JUCEApplicationBase::main(int, char const**)+0x108 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1002b7a60)
    #30 0x1028be6b4 in main+0xc4 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1000026b4)
    #31 0x10669940c  (/usr/lib/dyld:arm64+0x140c)
    #32 0x106862270  (<unknown module>)

0x00010c351738 is located 248 bytes inside of 336-byte region [0x00010c351640,0x00010c351790)
freed by thread T0 here:
    #0 0x106ba2ba8 in _ZdlPv+0x68 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/Frameworks/libclang_rt.asan_iossim_dynamic.dylib:arm64+0x5eba8)
    #1 0x1041fabec in std::__1::default_delete<juce::FileChooser::Native>::operator()[abi:de180100](juce::FileChooser::Native*) const+0xa8 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193ebec)
    #2 0x1041f9f14 in std::__1::__shared_ptr_pointer<juce::FileChooser::Native*, std::__1::shared_ptr<juce::FileChooser::Native>::__shared_ptr_default_delete<juce::FileChooser::Native, juce::FileChooser::Native>, std::__1::allocator<juce::FileChooser::Native>>::__on_zero_shared()+0x250 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193df14)
    #3 0x102a58a20 in std::__1::__shared_count::__release_shared[abi:de180100]()+0x144 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10019ca20)
    #4 0x102a588b8 in std::__1::__shared_weak_count::__release_shared[abi:de180100]()+0x88 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10019c8b8)
    #5 0x10451b95c in std::__1::shared_ptr<juce::FileChooser::Native>::~shared_ptr[abi:de180100]()+0x140 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c5f95c)
    #6 0x103e9e204 in std::__1::shared_ptr<juce::FileChooser::Native>::~shared_ptr[abi:de180100]()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1015e2204)
    #7 0x1041f7dd0 in juce::FileChooser::Native::launch()::'lambda'(int)::~()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193bdd0)
    #8 0x1041f6ed4 in juce::FileChooser::Native::launch()::'lambda'(int)::~()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193aed4)
    #9 0x1041f7b70 in juce::ModalComponentManager::Callback* juce::ModalCallbackFunction::create<juce::FileChooser::Native::launch()::'lambda'(int)>(juce::FileChooser::Native::launch()::'lambda'(int)&&)::Callable::~Callable()+0xb8 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193bb70)
    #10 0x1041f7280 in juce::ModalComponentManager::Callback* juce::ModalCallbackFunction::create<juce::FileChooser::Native::launch()::'lambda'(int)>(juce::FileChooser::Native::launch()::'lambda'(int)&&)::Callable::~Callable()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193b280)
    #11 0x1041f72f0 in juce::ModalComponentManager::Callback* juce::ModalCallbackFunction::create<juce::FileChooser::Native::launch()::'lambda'(int)>(juce::FileChooser::Native::launch()::'lambda'(int)&&)::Callable::~Callable()+0x5c (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10193b2f0)
    #12 0x1042442b8 in juce::ContainerDeletePolicy<juce::ModalComponentManager::Callback>::destroy(juce::ModalComponentManager::Callback*)+0xfc (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1019882b8)
    #13 0x104243a14 in juce::OwnedArray<juce::ModalComponentManager::Callback, juce::DummyCriticalSection>::deleteAllObjects()+0x230 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101987a14)
    #14 0x1042437a8 in juce::OwnedArray<juce::ModalComponentManager::Callback, juce::DummyCriticalSection>::~OwnedArray()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1019877a8)
    #15 0x104242628 in juce::OwnedArray<juce::ModalComponentManager::Callback, juce::DummyCriticalSection>::~OwnedArray()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101986628)
    #16 0x104245404 in juce::ModalComponentManager::ModalItem::~ModalItem()+0x274 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101989404)
    #17 0x1042426a0 in juce::ModalComponentManager::ModalItem::~ModalItem()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1019866a0)
    #18 0x1046a3abc in std::__1::default_delete<juce::ModalComponentManager::ModalItem>::operator()[abi:de180100](juce::ModalComponentManager::ModalItem*) const+0xa0 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101de7abc)
    #19 0x1046a37dc in std::__1::unique_ptr<juce::ModalComponentManager::ModalItem, std::__1::default_delete<juce::ModalComponentManager::ModalItem>>::reset[abi:de180100](juce::ModalComponentManager::ModalItem*)+0x29c (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101de77dc)
    #20 0x1046a352c in std::__1::unique_ptr<juce::ModalComponentManager::ModalItem, std::__1::default_delete<juce::ModalComponentManager::ModalItem>>::~unique_ptr[abi:de180100]()+0x68 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101de752c)
    #21 0x103f2a92c in std::__1::unique_ptr<juce::ModalComponentManager::ModalItem, std::__1::default_delete<juce::ModalComponentManager::ModalItem>>::~unique_ptr[abi:de180100]()+0x64 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10166e92c)
    #22 0x103f29a10 in juce::ModalComponentManager::handleAsyncUpdate()+0xa68 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10166da10)
    #23 0x102b816e0 in juce::AsyncUpdater::AsyncUpdaterMessage::messageCallback()+0x1c4 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1002c56e0)
    #24 0x102bc2d28 in juce::MessageQueue::deliverNextMessage()+0x2d8 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x100306d28)
    #25 0x102bc29ec in juce::MessageQueue::runLoopCallback()+0xc0 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1003069ec)
    #26 0x102bc1bb0 in juce::MessageQueue::runLoopSourceCallback(void*)+0x5c (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x100305bb0)
    #27 0x18041b7c0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__+0x14 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x907c0)
    #28 0x18041b708 in __CFRunLoopDoSource0+0xa8 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x90708)
    #29 0x18041ae6c in __CFRunLoopDoSources0+0xe4 (/Library/Developer/CoreSimulator/Volumes/iOS_22B81/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS 18.1.simruntime/Contents/Resources/RuntimeRoot/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation:arm64+0x8fe6c)

previously allocated by thread T0 here:
    #0 0x106ba2798 in _Znwm+0x68 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/Frameworks/libclang_rt.asan_iossim_dynamic.dylib:arm64+0x5e798)
    #1 0x103e9de70 in juce::FileChooser::Native::make(juce::FileChooser&, int)+0x30 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1015e1e70)
    #2 0x103e9dd44 in juce::FileChooser::showPlatformDialog(juce::FileChooser&, int, juce::FilePreviewComponent*)+0x184 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1015e1d44)
    #3 0x103f823bc in juce::FileChooser::createPimpl(int, juce::FilePreviewComponent*)+0x878 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1016c63bc)
    #4 0x103f816c0 in juce::FileChooser::launchAsync(int, std::__1::function<void (juce::FileChooser const&)>, juce::FilePreviewComponent*)+0x364 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x1016c56c0)
    #5 0x1028c83ac in MainComponent::openFileChooser()+0x2cc (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10000c3ac)
    #6 0x1028d62d8 in MainComponent::MainComponent()::$_0::operator()() const+0x84 (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x10001a2d8)
    <truncated to save space>
SUMMARY: AddressSanitizer: heap-use-after-free (/Users/user/Library/Developer/CoreSimulator/Devices/A1B6E0DC-2F6F-4CE4-8B45-C60E3799D3FE/data/Containers/Bundle/Application/12D0F0D7-0489-4987-9225-EEAD9367E598/FileChooser.app/FileChooser:arm64+0x101c3aed8) in juce::ReferenceCountedObjectPtr<juce::WeakReference<juce::Component, juce::ReferenceCountedObject>::SharedPointer>::operator==(std::nullptr_t) const+0x94
<truncated to save space>
2

Address Sanitizer false-positives are pretty rare, so I think there’s probably a real problem here.

Thanks for the example code. The code itself looks OK, so the bug is probably in JUCE itself.

Unfortunately, I haven’t been able to reproduce the issue in the Simulator. Looking at the call stack, I can guess at the problem, but I’m not certain that the fix is correct. Please could you try applying the attached patch, and check whether the issue is still present in the simulator? Thanks!

filechooser-use-after-free.patch (3.8 KB)

3

Thanks very much for the quick patch. Unfortunately it is still failing at the same place inside ReferenceCountedObjectPtr:

bool operator == (decltype (nullptr )) const noexcept { return referencedObject == nullptr ; }

I’m a little new to some of this, so let me know if I wasn’t really testing the patch:

  1. cd to JUCE folder on tip of develop
  2. git apply /path/to/filechooser-use-after-free.patch
  3. in xcode, clean build folder
  4. run

I added a DBG statement here and did see it right before the crash

 [result->controller.get() setParent: result];
 [result->delegate.get() setParent: result];
 DBG("filechooser patch applied");

Let me know if you’d like me to provide any DBG output or try another patch

Edit: forgot to mention that I’m running the code on the ipad pro 11 inch M4 ios 18.1 simulator

4

That looks like the correct procedure, thanks for trying that out. I’ve had another look - please could you try the attached patch?

filechooser-use-after-free-2.patch (1.3 KB)

I’ve tested out the exact same simulator version, and I’m still not seeing the issue here - not sure why.

1 Like
5

That worked, in both my real project and the example, thanks very much!

1 Like
6

Thanks again for the report and example code. The fix is now available on the develop branch.