coreaudio: unregister interruption observer unconditionally on close

jonameson · claude · jonameson · commit 9e601b3b0e48 · 2026-04-23T09:54:50.000-04:00
update_audio_session()'s existing close-path observer teardown lived at the bottom of the function, after two [AVAudioSession setCategory:] and one [setActive:] calls that early-return on failure. When setCategory fails during close (phone call, Siri, CarPlay / AirPlay handoff, or a session owned by another app), the early-return skipped the unregister and the SDLInterruptionListener stayed subscribed to NSNotificationCenter with a stale device pointer. The next UIApplicationWillEnterForeground or UIApplicationDidBecomeActive notification then dispatched into interruption_end() on freed memory, crashing with EXC_BAD_ACCESS. Move the close-path unregister to the top of the function so it runs unconditionally, before any early-return. Also add self.device == NULL guards in both listener callbacks as defense in depth so that any future cleanup-flow edit can't silently reintroduce the crash. The sibling setActive:YES leak on last-device close was fixed in 2018 (issue #2900). This closes the setCategory: leak that has remained since. The same root cause is reported in SDL3 as #12660. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
diff --git a/src/audio/coreaudio/SDL_coreaudio.m b/src/audio/coreaudio/SDL_coreaudio.m
@@ -351,6 +351,13 @@ @implementation SDLInterruptionListener
 - (void)audioSessionInterruption:(NSNotification *)note
 {
     @synchronized(self) {
+        /* Defense in depth: if the device was already torn down, do nothing.
+           The close path now unregisters at the top of update_audio_session,
+           so this should not fire after close, but guarding here keeps the
+           callback safe if a future edit rearranges the cleanup flow. */
+        if (self.device == NULL) {
+            return;
+        }
         NSNumber *type = note.userInfo[AVAudioSessionInterruptionTypeKey];
         if (type.unsignedIntegerValue == AVAudioSessionInterruptionTypeBegan) {
             interruption_begin(self.device);
@@ -363,6 +370,9 @@ - (void)audioSessionInterruption:(NSNotification *)note
 - (void)applicationBecameActive:(NSNotification *)note
 {
     @synchronized(self) {
+        if (self.device == NULL) {
+            return;
+        }
         interruption_end(self.device);
     }
 }
@@ -375,6 +385,25 @@ static BOOL update_audio_session(_THIS, SDL_bool open, SDL_bool allow_playandrec
         AVAudioSession *session = [AVAudioSession sharedInstance];
         NSNotificationCenter *center = [NSNotificationCenter defaultCenter];
 
+        /* Close path: unregister the interruption observer FIRST, before any
+           code that can early-return. When [AVAudioSession setCategory:] fails
+           (phone call, Siri, CarPlay or AirPlay handoff, session owned by
+           another app), the early-return below previously left the listener
+           registered with a stale device pointer; NotificationCenter would
+           later deliver foreground events to freed memory, crashing in
+           interruption_end(). See issue #2900 for the sibling setActive:YES
+           leak that was fixed in 2018; this closes the setCategory: leak
+           that has remained since. */
+        if (!open && this->hidden != NULL && this->hidden->interruption_listener != NULL) {
+            SDLInterruptionListener *listener =
+                (SDLInterruptionListener *)CFBridgingRelease(this->hidden->interruption_listener);
+            this->hidden->interruption_listener = NULL;
+            [center removeObserver:listener];
+            @synchronized(listener) {
+                listener.device = NULL;
+            }
+        }
+
         NSString *category = AVAudioSessionCategoryPlayback;
         NSString *mode = AVAudioSessionModeDefault;
         NSUInteger options = AVAudioSessionCategoryOptionMixWithOthers;
@@ -498,14 +527,10 @@ static BOOL update_audio_session(_THIS, SDL_bool open, SDL_bool allow_playandrec
                          object:nil];
 
             this->hidden->interruption_listener = CFBridgingRetain(listener);
-        } else {
-            SDLInterruptionListener *listener = nil;
-            listener = (SDLInterruptionListener *)CFBridgingRelease(this->hidden->interruption_listener);
-            [center removeObserver:listener];
-            @synchronized(listener) {
-                listener.device = NULL;
-            }
         }
+        /* Close-path unregister is handled at the top of this function so it
+           runs unconditionally, even when a setCategory:/setActive:
+           early-return skips the rest of the body. */
     }
 
     return YES;
