server: Avoid accessing free'd thread pointers.

Eric Pouech eric.pouech at gmail.com
Fri Nov 10 04:21:28 CST 2006


2006/11/10, Mike McCormack <mike at codeweavers.com>:
>
>
> Eric Pouech wrote:
> > IIRC, the issue in this code is that you access in _SAFE macro the next
> > field in the current cursor *after* the current cursor has been freed
> > the issue is not that the next item has been freed while iterating on the
> > current cursor
> > (this was at least the issue I had)
>
> It looks like kill_thread can recurse  if another thread is waiting on
> the current thread we're killing.
>
> wake_up -> wake_thread -> send_thread_wakeup -> kill_thread
>
> If the waiting thread is in the current process, and it's later in the
> list, I'm not sure anything stops it from being free'd.


well, the kill_thread in that case is only done when the waiting thread also
died while waiting (i.e. has been killed by some other way) (in normal cases,
the wait operation on the waiting side would just return an error code)
I'm still not convinced this path is actually executed in that case
what led you to write the patch?
A+

-- 
Eric Pouech
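
The list-walking hazard debated in this thread, as an added example that is not part of the original message and is not Wine's server code. All names (`struct thr`, `kill_thr`, `walk_cached_next`, `walk_restart`) are hypothetical, the three-node list is constructed, and nodes are flagged instead of freed so the stale cursor can be counted safely. It only shows what happens if a kill does recurse into the next list entry; whether the server reaches that path is the open question above.

```c
#include <stdio.h>
/* Hypothetical stand-in for a server thread object. Slots live in a static
 * pool, so a "freed" slot can be inspected without touching freed memory. */
struct thr { struct thr *prev, *next, *waiter; int freed; };
static struct thr pool[3], head;

static void build(void) {            /* constructed case: A, B, C; B waits on A */
    struct thr *p = &head;
    for (int i = 0; i < 3; i++) {
        pool[i].freed = 0; pool[i].waiter = NULL;
        pool[i].prev = p; p->next = &pool[i]; p = &pool[i];
    }
    p->next = &head; head.prev = p;
    pool[0].waiter = &pool[1];
}

static void kill_thr(struct thr *t) { /* "free", unlink, then kill the waiter */
    if (t->freed) return;
    t->freed = 1;
    t->prev->next = t->next; t->next->prev = t->prev;
    if (t->waiter) kill_thr(t->waiter);
}

static int walk_cached_next(void) {  /* returns how often the cursor went stale */
    int stale = 0;
    build();
    for (struct thr *cur = head.next, *nxt; cur != &head; cur = nxt) {
        nxt = cur->next;             /* what a _SAFE-style loop saves */
        kill_thr(cur);               /* may also kill nxt through the waiter */
        if (nxt != &head && nxt->freed) stale++; /* with free(): use-after-free */
    }
    return stale;
}

static int walk_restart(void) {      /* re-read the list head after every kill */
    int stale = 0;
    build();
    while (head.next != &head) {
        struct thr *cur = head.next;
        if (cur->freed) stale++;     /* never true: freed nodes are unlinked */
        kill_thr(cur);
    }
    return stale;
}

int main(void) {
    printf("cached: %d stale, restart: %d stale\n", walk_cached_next(), walk_restart());
    return 0;
}
```
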