server: Avoid accessing free'd thread pointers.
mike at codeweavers.com
Fri Nov 10 03:41:23 CST 2006
Eric Pouech wrote:
> IIRC, the issue in this code is that you access in _SAFE macro the next
> field in the current cursor *after* the current cursor has been freed
> the issue is not that the next item has been freed while itering on the
> current cursor
> (this was at least the issue I had)
It looks like kill_thread can recurse if another thread is waiting on
the current thread we're killing.
wake_up -> wake_thread -> send_thread_wakeup -> kill_thread
If the waiting thread is in the current process, and it's later in the
list, I'm not sure anything stops it from being free'd.
More information about the wine-devel