server: Avoid accessing free'd thread pointers.
Mike McCormack
mike at codeweavers.com
Fri Nov 10 03:41:23 CST 2006
Eric Pouech wrote:
> IIRC, the issue in this code is that you access in _SAFE macro the next
> field in the current cursor *after* the current cursor has been freed
> the issue is not that the next item has been freed while iterating on the
> current cursor
> (this was at least the issue I had)
It looks like kill_thread can recurse if another thread is waiting on
the current thread we're killing.
wake_up -> wake_thread -> send_thread_wakeup -> kill_thread
If the waiting thread is in the current process, and it's later in the
list, I'm not sure anything stops it from being free'd.
Mike
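
The recursion described in this message, as an added example that is not part of the original post and is not Wine server code: a constructed three-entry list in which a later entry waits on the first one, walked once with a cached next pointer (the _SAFE pattern) and once by re-reading the list head on every pass. All names (thr, kill_thr, build, kill_all_cached_next, kill_all_restart) are hypothetical, and "freed" is a flag rather than a real free() so the stale access can be counted without undefined behaviour.

```c
#include <stdio.h>

/* Constructed model: "freed" stands in for free() so a stale cursor is countable. */
struct thr { struct thr *prev, *next, *waiter; int freed; };

/* Killing a thread unlinks it, then wakes its waiter, which is killed in turn. */
static void kill_thr(struct thr *t) {
    if (t->freed) return;
    t->prev->next = t->next;
    t->next->prev = t->prev;
    t->freed = 1;
    if (t->waiter) kill_thr(t->waiter);   /* the recursive path */
}

/* Build head <-> t[0] <-> ... <-> t[n-1]; t[1] (later in the list) waits on t[0]. */
static void build(struct thr *head, struct thr *t, int n) {
    head->prev = head->next = head;
    for (int i = 0; i < n; i++) {
        t[i].freed = 0; t[i].waiter = NULL;
        t[i].prev = head->prev; t[i].next = head;
        head->prev->next = &t[i]; head->prev = &t[i];
    }
    t[0].waiter = &t[1];
}

/* _SAFE-style walk: next is cached before the call that may free it. */
int kill_all_cached_next(void) {
    struct thr head, t[3], *cur, *nxt;
    int stale = 0;
    build(&head, t, 3);
    for (cur = head.next; cur != &head; cur = nxt) {
        nxt = cur->next;                         /* in real code: read of freed memory */
        if (cur->freed) { stale++; continue; }   /* cursor was freed by the recursion */
        kill_thr(cur);
    }
    return stale;
}

/* Alternative walk: never cache a cursor, always take the current first entry. */
int kill_all_restart(void) {
    struct thr head, t[3];
    int stale = 0;
    build(&head, t, 3);
    while (head.next != &head) {
        if (head.next->freed) stale++;   /* a linked entry is never a freed one */
        kill_thr(head.next);
    }
    return stale;
}

int main(void) {
    printf("cached next: %d stale, restart: %d stale\n",
           kill_all_cached_next(), kill_all_restart());
    return 0;
}
```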