Retain CFRunLoopRef to prevent use-after-free in FsEventWatcher::stop#2
Merged
Anthony-Eid merged 1 commit intoupstream-merge-8.2.0from Feb 16, 2026
Merged
Conversation
`FsEventWatcher::run()` sends a non-retained `CFRunLoopRef` from the watcher thread back to the caller. If the watcher thread exits before `stop()` is called (e.g., the runloop has no sources), the runloop object is freed with the thread, leaving a dangling pointer. `stop()` then crashes in `CFRunLoopIsWaiting` on the freed ref. Fix: call `CFRetain` on the runloop before sending it across the channel, and `CFRelease` in `stop()` after joining the thread. This keeps the runloop object alive for the entire window between `run()` and `stop()`. Note: Claude Opus generated this PR, but I reviewed it locally and this fixed a crash that was occurring on Zed's end
Anthony-Eid
added a commit
to zed-industries/zed
that referenced
this pull request
Feb 16, 2026
See zed-industries/notify#2 for more details
Anthony-Eid
added a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code
github-actions bot
pushed a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code
github-actions bot
pushed a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code
zed-zippy bot
added a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
…pick to stable) (#49339) Cherry-pick of #49311 to stable ---- Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code Co-authored-by: Anthony Eid <56899983+Anthony-Eid@users.noreply.github.com>
zed-zippy bot
added a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
…pick to preview) (#49338) Cherry-pick of #49311 to preview ---- Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code Co-authored-by: Anthony Eid <56899983+Anthony-Eid@users.noreply.github.com>
rtfeldman
pushed a commit
to zed-industries/zed
that referenced
this pull request
Feb 17, 2026
Closes #49067 See zed-industries/notify#2 for more details Note: notify already fixed this upstream, and I'm planning on using their crate as our dependency once their v9 is officially released. Release Notes: - Fix panic that could occur when navigating external code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
FsEventWatcher::run()sends a non-retainedCFRunLoopReffrom the watcher thread back to the caller. If the watcher thread exits beforestop()is called (e.g., the runloop has no sources), the runloop object is freed with the thread, leaving a dangling pointer.stop()then crashes inCFRunLoopIsWaitingon the freed ref.Fix: call
CFRetainon the runloop before sending it across the channel, andCFReleaseinstop()after joining the thread. This keeps the runloop object alive for the entire window betweenrun()andstop().Note: Claude Opus generated this PR, but I reviewed it locally and this fixed a crash that was occurring on Zed's end