wild pointers in current named pipe implementation?

Dan Kegel dank at kegel.com
Mon Apr 14 12:25:39 CDT 2003


I know Mike is planning to rewrite the named pipe
implementation, but the current implementation could
use a little love while we're waiting for the new one.
So I'm looking into the recent user complaint
about FlushFileBuffers and named pipes, in hopes I can find
a very simple patch that will tide us over until the
new named pipes code is ready (whenever that might be;
Mike's busy on other things at the moment).

So I added an early call to FlushFileBuffers in the
named pipe regression test (see attached patch).
While poking around in wineserver, I found a few places where pointers
were not set to NULL after being invalidated, and
after I added the missing statements to set them to NULL,
wineserver started behaving badly on the regression
test.  A run of wineserver under valgrind showed a null pointer access,
so I added a couple null pointer check asserts (see attached patch).
And sure enough, they fire.

So the question is -- did I screw up, or did I uncover a real
issue?  The answer will help me as I continue digging
into the FlushFileBuffers named pipe bug report
(and testing possible simple enhancements to the current
named pipe implementation).

Thanks,
Dan

-- 
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045
-------------- next part --------------
Index: server/object.c
===================================================================
RCS file: /home/wine/wine/server/object.c,v
retrieving revision 1.27
diff -d -u -r1.27 object.c
--- server/object.c	19 Feb 2003 00:33:33 -0000	1.27
+++ server/object.c	14 Apr 2003 16:59:45 -0000
@@ -193,6 +193,7 @@
 struct object *grab_object( void *ptr )
 {
     struct object *obj = (struct object *)ptr;
+    assert( obj );
     assert( obj->refcount < INT_MAX );
     obj->refcount++;
     return obj;
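Review bot: The new assert( obj ) at the top of grab_object only changes how a NULL argument fails, since the next line dereferences obj->refcount anyway, and it disappears if the server is built with NDEBUG. It is fine as a diagnostic while tracking this down, but the fix belongs in the callers that can hold a NULL pointer (pipe_user_get_fd passes user->fd straight in); they should check before calling grab_object and return an error rather than rely on an abort here.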
Index: server/named_pipe.c
===================================================================
RCS file: /home/wine/wine/server/named_pipe.c,v
retrieving revision 1.22
diff -d -u -r1.22 named_pipe.c
--- server/named_pipe.c	4 Apr 2003 22:26:34 -0000	1.22
+++ server/named_pipe.c	14 Apr 2003 16:59:45 -0000
@@ -163,6 +163,7 @@
 static struct fd *pipe_user_get_fd( struct object *obj )
 {
     struct pipe_user *user = (struct pipe_user *)obj;
+    assert(user->fd);
     return (struct fd *)grab_object( user->fd );
 }
 
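Review bot: assert(user->fd) in pipe_user_get_fd treats a NULL fd as impossible, while the cleanup code in the next hunk guards it with "if (user->fd) release_object( user->fd );", which implies NULL is a state the object can be in. If a pipe_user can exist without an fd, this path should return NULL with an error status instead of asserting, so that a client request on such a handle fails cleanly rather than bringing down the server. If NULL is truly never valid here, a short comment saying why would help.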
@@ -200,8 +201,11 @@
     if (user->prev) user->prev->next = user->next;
     else user->pipe->users = user->next;
     if (user->thread) release_object(user->thread);
+    user->thread = NULL;
     release_object(user->pipe);
+    user->pipe = NULL;
     if (user->fd) release_object( user->fd );
+    user->fd = NULL;
 }
 
 static int pipe_user_get_poll_events( struct fd *fd )
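Review bot: user->pipe is released and cleared without the NULL guard that user->thread and user->fd get, and the unlink code at the top of this hunk still dereferences it in "else user->pipe->users = user->next;". Once user->pipe is set to NULL, a second pass through this code would fault on that line before reaching any of the new assignments, so clearing the pointers does not by itself make the path safe to re-enter. Either guard the unlink and the release on user->pipe as well (and clear user->prev and user->next), or, if this only runs once just before the object is freed, say so in a comment so the NULL stores are understood as debugging aids.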
Index: dlls/kernel/tests/pipe.c
===================================================================
RCS file: /home/wine/wine/dlls/kernel/tests/pipe.c,v
retrieving revision 1.2
diff -d -u -r1.2 pipe.c
--- dlls/kernel/tests/pipe.c	25 Feb 2003 03:56:43 -0000	1.2
+++ dlls/kernel/tests/pipe.c	14 Apr 2003 16:59:45 -0000
@@ -86,6 +86,10 @@
         /* lpSecurityAttrib */ NULL);
     ok(hnp != INVALID_HANDLE_VALUE, "CreateNamedPipe failed");
 
+    if (!FlushFileBuffers(hnp)) {
+	/* we'll add a check here once we know how windows behaves */
+	fprintf(stderr, "FlushFileBuffers on new pipe failed, err %d\n", GetLastError());
+    }
     hFile = CreateFileA(PIPENAME, GENERIC_READ|GENERIC_WRITE, 0, 
             NULL, OPEN_EXISTING, 0, 0);
     todo_wine
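Review bot: The FlushFileBuffers result is only reported with fprintf(stderr, ...) and never goes through ok(), so a failure cannot fail the test; the comment acknowledges this, but it should be tracked so the check is added once the Windows behaviour is known. In the same fprintf, GetLastError() returns a DWORD and is printed with %d; use a matching format with a cast, for example "%lu" with (unsigned long)GetLastError(). The two lines inside the if block are indented with tabs while the surrounding code uses spaces.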

