[v5 PATCH 1/3] dwrite: Protect cached fontface list when accessed from multiple threads
Anton Romanov
theli.ua at gmail.com
Thu Aug 17 00:11:31 CDT 2017
On Wed, Aug 16, 2017 at 10:05 PM, Anton Romanov <theli.ua at gmail.com> wrote:
> On Tue, Aug 15, 2017 at 4:40 AM, Nikolay Sivov <nsivov at codeweavers.com> wrote:
>> Signed-off-by: Nikolay Sivov <nsivov at codeweavers.com>
>> ---
>> dlls/dwrite/dwrite_private.h | 15 ++++++++---
>> dlls/dwrite/font.c | 30 +++++++++++++--------
>> dlls/dwrite/main.c | 63 +++++++++++++++++++++++++++++++-------------
>> 3 files changed, 74 insertions(+), 34 deletions(-)
>>
> Since apps seem to freely use fontface interfaces from multiple
> threads - Isn't the following race possible?
>
> +----------------+------------------------+-------------------------+
> | T1             | T2                     | T3                      |
> +----------------+------------------------+-------------------------+
> | Release        |                        |                         |
> | Decrement      |                        |                         |
> | == 0 -> True   |                        |                         |
> |                | Query_Interface/AddRef |                         |
> |                | Increment              |                         |
> |                |                        | Release                 |
> |                |                        | Decrement               |
> | free(cached)   |                        |                         |
> | factory_unlock |                        |                         |
> |                |                        | use after free (cached) |
> +----------------+------------------------+-------------------------+
Actually, with this version of the patch it looks like this is exactly
the crash I'm consistently getting now (was fine with v1):
0093:trace:dwrite:dwritefontface_Release (0x97936c8)->(1)
0093:trace:dwrite:dwritefontface_Release (0x97936c8)->(0)
004c:trace:dwrite:dwritefontface_GetFiles (0x97936c8)->(0x339d58 0x339d50)
004c:trace:dwrite:dwritefontface_GetIndex (0x97936c8)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("GSUB" 0x339e60 0x339e68 0x339e64 0x339e5c)
004c:trace:dwrite:dwritefontface_ReleaseFontTable (0x97936c8)->((nil))
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("glyf" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_ReleaseFontTable (0x97936c8)->((nil))
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("CFF " 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("COLR" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("SVG " 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("sbix" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritetextanalyzer_GetGlyphPlacements (L"1" 0x33b264 0x33b444 1 0x9636198 0x9635dc0 1 0x97936c8 16.00 0 0 "Zyyy" L"en-US" 0x95f5760 0x70456084 1 0x96ef808 0xd231630)
004c:trace:dwrite:dwritefontface_QueryInterface (0x97936c8)->({a71efdb4-9fdb-4838-ad90-cfc3be8c3daf} 0x339fd0)
004c:trace:dwrite:dwritefontface_GetMetrics (0x97936c8)->(0x339fd8)
004c:trace:dwrite:dwritefontface1_GetDesignGlyphAdvances (0x97936c8)->(1 0x9636198 0x339fd4 0)
004c:trace:dwrite:dwritefontface_Release (0x97936c8)->(1)
004c:trace:dwrite:dwritefontface_GetDesignGlyphMetrics (0x97936c8)->(0x7045637c 1 0x7045638c 0)
004c:trace:dwrite:dwritefontface_GetSimulations (0x97936c8)
004c:trace:dwrite:dwritefontface_Release (0x97936c8)->(0)
wine: Unhandled page fault on read access to 0xffffffff at address 0x37719c8 (thread 004c), starting debugger...
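
The T1/T2/T3 interleaving from the table, replayed deterministically in one thread, as an added example that is not Wine's code or the patch under review. It assumes the cache lists the object without holding a reference of its own; all names are hypothetical, and a counter stands in for free().

```c
#include <stdbool.h>

/* Hypothetical model, not Wine's code: a cached object that the cache
   lists without holding a reference of its own. */
struct face { int refs; bool cached; int frees; };

/* Cache lookup (T2 in the table): AddRef the entry if it is still listed.
   In real code this runs under the cache lock. */
static bool cache_addref(struct face *f)
{
    if (!f->cached) return false;
    f->refs++;
    return true;
}

/* Racy Release, step 1: decrement outside the lock. */
static bool dec_unlocked(struct face *f) { return --f->refs == 0; }

/* Racy Release, step 2: take the lock, unlist and free. */
static void unlist_and_free(struct face *f)
{
    f->cached = false;
    f->frees++;               /* stands in for free(); 2 means double free */
}

/* Serialized Release: decrement and unlist in one critical section, so no
   lookup can run between the two. */
static void release_locked(struct face *f)
{
    if (--f->refs == 0) unlist_and_free(f);
}

/* Replays the order from the table; returns how many times the object
   was freed. */
int replay_racy(void)
{
    struct face f = { 1, true, 0 };
    bool t1 = dec_unlocked(&f);        /* T1: Release, 1 -> 0              */
    bool t2 = cache_addref(&f);        /* T2: AddRef on dying entry, -> 1  */
    bool t3 = t2 && dec_unlocked(&f);  /* T3: Release, 1 -> 0 again        */
    if (t1) unlist_and_free(&f);       /* T1: free(cached), unlock         */
    if (t3) unlist_and_free(&f);       /* T3: touches freed memory         */
    return f.frees;
}

/* Same requests when Release is a single critical section. */
int replay_serialized(void)
{
    struct face f = { 1, true, 0 };
    release_locked(&f);                /* T1: decrement + unlist + free    */
    if (cache_addref(&f)) return -1;   /* T2 must miss and create anew     */
    return f.frees;                    /* T3 has nothing left to release   */
}
```

Re-checking the count after taking the lock is not enough in the order shown in the table, because T3 would still read the count from an object T1 has already freed.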