http://bugs.winehq.org/show_bug.cgi?id=31882
--- Comment #48 from Henri Verbeet <hverbeet(a)gmail.com> 2012-10-27 00:51:16 CDT ---
I looked at this a bit, and what seems to be happening is that the application
ends up calling TerminateThread() -> ... -> pthread_exit() while the thread
that gets terminated is inside x11drv_surface_flush() -> XSync() -> ... ->
wait_for_reply() -> _xcb_conn_wait(). Then, when a different thread accesses
the xcb reader list in _xcb_in_wake_up_next_reader(), the reader entry for the
thread that was terminated now points to freed memory, which explains the
pthread_cond_signal() call in there either blocking or crashing. There seems to
be a somewhat similar issue if a thread gets terminated while holding the
"c->iolock" mutex inside libxcb.
--
Configure bugmail:
http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.