FULLPIPE: Fix use-after-free in ModalMainMenu

Pointers to objects which are invalidated when the scene gets
unloaded may continue to be accessed if a mouse hover event is
dispatched to the ModalMainMenu.

1 files changed, 5 insertions, 0 deletions

diff --git a/engines/fullpipe/modal.cpp b/engines/fullpipe/modal.cpp
index a513cd405c..e3d0ee0fe1 100644
--- a/engines/fullpipe/modal.cpp
+++ b/engines/fullpipe/modal.cpp
@@ -1338,6 +1338,9 @@ bool ModalMainMenu::handleMessage(ExCommand *message) {
 	if (message->_messageKind != 17)
 		return false;
 
+	if (!_scene)
+		return false;
+
 	Common::Point point;
 
 	if (message->_messageNum == 29) {
@@ -1412,6 +1415,7 @@ bool ModalMainMenu::init(int counterdiff) {
 
 	case PIC_MNU_DEBUG_L:
 		g_fp->_gameLoader->unloadScene(SC_MAINMENU);
+		_scene = nullptr;
 		g_fp->_sceneRect = _screct;
 
 		if (!g_fp->_currentScene)
@@ -1427,6 +1431,7 @@ bool ModalMainMenu::init(int counterdiff) {
 	case PIC_MNU_CONTINUE_L:
 		if (!_mfield_34) {
 			g_fp->_gameLoader->unloadScene(SC_MAINMENU);
+			_scene = nullptr;
 			g_fp->_sceneRect = _screct;
 
 			if (g_fp->_currentScene) {