From 2e7164b65a17557df5c2c70244eaea5dda836806 Mon Sep 17 00:00:00 2001
From: Christian Semmler <mail@csemmler.com>
Date: Sun, 5 Apr 2026 11:32:02 -0700
Subject: [PATCH] Fix null pointer dereference in
 MxCompositeMediaPresenter::StartingTickle

When skipping the intro quickly, a child presenter's action can become
NULL during Tickle() due to a race with the cancellation system. Between
the parent's CurrentChunk() peek and the child's internal CurrentChunk()
call during Tickle(), a DS_CHUNK_BIT3 chunk can be prepended to the
subscriber queue, causing the child to cascade through DoneTickle and
EndAction which sets m_action to NULL.

Add a null check for GetAction() after Tickle(), consistent with the
existing guard in the !m_allChildrenStreaming branch.
---
 LEGO1/lego/legoomni/src/common/mxcompositemediapresenter.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/LEGO1/lego/legoomni/src/common/mxcompositemediapresenter.cpp b/LEGO1/lego/legoomni/src/common/mxcompositemediapresenter.cpp
index 781c76b6..247de5f5 100644
--- a/LEGO1/lego/legoomni/src/common/mxcompositemediapresenter.cpp
+++ b/LEGO1/lego/legoomni/src/common/mxcompositemediapresenter.cpp
@@ -127,7 +127,9 @@ void MxCompositeMediaPresenter::StartingTickle()
 			if (!(*it)->GetAction()->GetStartTime() && ((MxMediaPresenter*) *it)->CurrentChunk() &&
 				!((*it)->GetAction()->GetFlags() & MxDSAction::c_bit9)) {
 				(*it)->Tickle();
-				(*it)->GetAction()->SetFlags((*it)->GetAction()->GetFlags() | MxDSAction::c_bit9);
+				if ((*it)->GetAction()) {
+					(*it)->GetAction()->SetFlags((*it)->GetAction()->GetFlags() | MxDSAction::c_bit9);
+				}
 				m_remainingChildren--;
 			}
 		}