fix teb crash

Andreas Mohr amohr at codeweavers.com
Thu Feb 1 14:38:14 CST 2001 

On Thu, Feb 01, 2001 at 12:32:34AM +0100, gerard patel wrote:
> At 12:12 PM 31/1/01 +0100, you (amohr at codeweavers.com) wrote:
> >The terminated thread had done a SendMessage before, however, and when
> >the receiving thread tried to reply to that SendMessage, the sending thread
> >was gone, which resulted in a crash as queue->teb was invalid.
> 
> <snip>
> 
> I remember having looked at some crash akin to this one; I had
> never the time to find the proper fix, but my impression was rather
> that the problem was that Wine don't destroy windows when a thread
> is terminated through TerminateThread().
Nope, I don't think so.

The part doing this is:

[cleanup]
Call kernel32.443: GlobalFree(403b4864) ret=010043cd fs=02c7
Ret  kernel32.443: GlobalFree() retval=00000000 ret=010043cd fs=02c7
Call kernel32.273: FreeResource(0101225c) ret=01004730 fs=02c7
Ret  kernel32.273: FreeResource() retval=00000000 ret=01004730 fs=02c7
Call user32.500: SendMessageA(00000138,00000fa1,00000001,00000000) ret=01004777
fs=02c7
trace:relay:WINPROC_CallWndProc (wndproc=0x40751990,hwnd=00000138,msg=WM_USER+0ba1,wp=00000001,lp=00000000)
trace:relay:WINPROC_CallWndProc (wndproc=0x1002f20,hwnd=00000138,msg=WM_USER+0ba1,wp=00000001,lp=00000000)
Call kernel32.685: TerminateThread(00000048,00000000) ret=01002f65 fs=008f
err:win:UserSignalProc uCode: 32
err:system:UserSignalProc
Ret  kernel32.685: TerminateThread() retval=00000001 ret=01002f65 fs=008f
Call user32.188: EndDialog(00000138,00000001) ret=0100307f fs=008f
trace:dialog:EndDialog 0138 1
trace:relay:WINPROC_CallWndProc (wndproc=0x40722ac0,hwnd=00000228,msg=WM_KILLFOCUS,wp=00000138,lp=00000000)
trace:win:GetClientRect (0,0 - 75,21)
trace:relay:WINPROC_CallWndProc (wndproc=0x40751990,hwnd=00000138,msg=WM_CTLCOLORBTN,wp=0000005c,lp=00000228)
trace:relay:WINPROC_CallWndProc (wndproc=0x1002f20,hwnd=00000138,msg=WM_CTLCOLORBTN,wp=0000005c,lp=00000228)
trace:relay:WINPROC_CallWndProc (wndproc=0x1002f20,hwnd=00000138,msg=WM_CTLCOLOR

This is a dialog with a progress bar, BTW.
So it seems the progress bar is a separate thread of the dialog,
which is probably also responsible for extracting files.
And this worker thread does a SendMessage to the original thread,
which then does a TerminateThread of the sending thread and an EndDialog
to close the whole dialog. And after that the window proc returns and
Wine wants to send the window procs result to the sending thread,
only to discover that the originating thread doesn't *exist* any more
and to crash !

That's why we need this fix IMHO.

Andreas Mohr

More information about the wine-devel mailing list