race condition in dinput's multiple joystick code and IL2

Robert Shearman rob at codeweavers.com
Wed Jul 19 08:03:06 CDT 2006


Christoph Frick wrote:

>hi there,
>
>the code i submitted some weeks ago about having more than one
>/dev/input/event-joystick shows from time to time a race condition in
>IL2 Sturmovik. this game is written in java and somehow exe-fied. so the
>whole thing is running a boatload of threads. my box is a
>smp-opteron-system with gentoo and a 2.6.17 kernel.
>
>my problem is the following (in dlls/dinput/joystick_linuxinput.c): the
>new code calls a method (find_joydevs) in several places which checks
>by a global variable, whether it ran before (have_joydevs) and then
>builds up a list of the valid devices (joydevs). so what happens there is
>a struct is filled on the stack and later memcpy-ied to the end of a
>(re)alloced (HeapAlloc/HeapRealloc) list. things like the device are
>strdup'ed from the stack into the struct before copy.
>
>so in IL2 often - but not always - the have_joydevs has a count > -1,
>the joydevs has a pointer. but when it accesses the "struct" behind it,
>this is uninitialized memory (at least for the device-member) and random
>errors occur.
>
>so what i have tried so far:
>- put find_joydevs into a critical section
>

This should work. Why don't you share the patch you used to do this? 
Note that none of the data in JoystickImpl is protected by that critical 
section and maybe it should be.

-- 
Rob Shearman
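
The guarded lazy initialisation discussed in this thread, as an added example that is not part of either message and is not Wine's dinput code. A POSIX mutex stands in for the Win32 critical section; the struct layout, the sample device paths, `joydev_lock`, `worker` and `run_threads` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L         /* for strdup() under strict -std= modes */
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Illustrative model, not Wine's code; sample_nodes are constructed stand-ins for the /dev/input scan. */
struct joydev { char *device; };
static struct joydev *joydevs;          /* list grown with realloc */
static int have_joydevs = -1;           /* -1 = not scanned yet, else device count */
static pthread_mutex_t joydev_lock = PTHREAD_MUTEX_INITIALIZER;
static const char *sample_nodes[] = { "/dev/input/event0", "/dev/input/event1" };

int find_joydevs(void) {
    pthread_mutex_lock(&joydev_lock);   /* the check AND the build share one lock */
    if (have_joydevs == -1) {
        struct joydev *list = NULL, *grown, tmp;
        int n = 0;
        for (size_t i = 0; i < sizeof sample_nodes / sizeof *sample_nodes; i++) {
            if (!(tmp.device = strdup(sample_nodes[i]))) break;   /* fill on the stack */
            if (!(grown = realloc(list, (n + 1) * sizeof *list))) { free(tmp.device); break; }
            list = grown;
            memcpy(&list[n++], &tmp, sizeof tmp);                 /* append the copy */
        }
        joydevs = list;                 /* publish the finished list first */
        have_joydevs = n;               /* flip the "already ran" flag last */
    }
    int count = have_joydevs;
    pthread_mutex_unlock(&joydev_lock);
    return count;
}

static void *worker(void *arg) {
    int n = find_joydevs();
    (void)arg;
    for (int i = 0; i < n; i++)         /* every entry must be fully built */
        if (!joydevs[i].device || strncmp(joydevs[i].device, "/dev/input/", 11))
            return (void *)(intptr_t)-1;
    return (void *)(intptr_t)n;
}

/* Start nthreads concurrent callers; return how many saw `expect` valid devices. */
int run_threads(int nthreads, int expect) {
    pthread_t t[64];
    int started = 0, good = 0;
    void *r;
    while (started < nthreads && started < 64 && !pthread_create(&t[started], NULL, worker, NULL)) started++;
    for (int i = 0; i < started; i++)
        if (!pthread_join(t[i], &r) && (intptr_t)r == expect) good++;
    return good;
}
```

Build with `cc -pthread`. Readers take the same lock before touching the list, so a caller never sees the flag set while an entry is still unbuilt.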



