Skip to content

fix(android): bump rive-android to 11.6.1 (fixes data-binding UAF crash)#312

Open
mfazekas wants to merge 1 commit into
feat/use-viewmodel-instance-asyncfrom
fix/android-databinding-bump-rive-1161
Open

fix(android): bump rive-android to 11.6.1 (fixes data-binding UAF crash)#312
mfazekas wants to merge 1 commit into
feat/use-viewmodel-instance-asyncfrom
fix/android-databinding-bump-rive-1161

Conversation

@mfazekas

@mfazekas mfazekas commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Bumps runtimeVersions.android 11.4.1 → 11.6.1 to fix the intermittent native SIGSEGV in test-harness-android (experimental backend).

Root cause is a single-threaded re-entrancy / iterator-invalidation use-after-free in rive::DataBindContainer::updateDataBinds (a bind that auto-binds a nested view model re-enters addDataBind/removeDataBind and invalidates the active iterator). Fixed upstream in rive-runtime #12649, shipped in rive-android 11.6.1 (11.4.1/11.5.0/11.6.0 are vulnerable). The experimental backend compiles + builds clean against 11.6.1 (no API changes needed).

Resolves the android-databinding-native-crash flake — see #308 for the full investigation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant