AnimMontage notify callback destroying owning actor causes crash

Destroying the owning actor as a response to an anim montage's anim notify causes unsafe access of the current anim montage. See repro steps.

• Create an anim montage
• Add an Montage Anim Notify to the montage's notify track with anim notify name Test
• In blueprint, call Play Montage on a skeletal mesh component to play the montage
• Destroy the owning actor in the Play Montage node's Begin Notify exec pin

Before testing, put a breakpoint in UAnimInstance::UninitializeAnimation()

When playing the montage and the actor is destroyed, notice that the breakpoint in UninitializeAnimation is hit and inspect the callstack. UninitializeAnimation() is called while executing the blueprint as a result of the anim notify. This happens in MontageInstance->Advance().

UninitializeAnimation() deletes all MontageInstances and clears the array that is currently being iterated in UAnimInstance::UpdateMontage(). This may or may not result in a crash because the memory being accessed may or may not have been overwritten yet, but further access of the current array element is definitely unsafe since it has been deleted.

[Image Removed]

How does TextureRenderTarget2D get TArray<uint8> type data?

hi, I have a problem that the event does not run on the client, but when the server runs it, it works. can anyone help?

Do I need to call Destory method to remove components from Actor when Destory method to remove Actor?

How do I set a material as a post-processing material?

its not replicating any thing ,why ?

Why does the REMOVE method of map container remove elements have memory leaks?

How to delete some elements correctly when deleting an array loop?

What is the difference between Camera and CineCamera?

How does TArray loop correctly remove elements in blueprints?

How to assign a value to a member of UMG's UMaterialInterface pointer type in C++?