[v5 PATCH 1/3] dwrite: Protect cached fontface list when accessed from multiple threads

Sebastian Lackner sebastian at fds-team.de
Thu Aug 17 07:15:05 CDT 2017


On 17.08.2017 10:11, Anton Romanov wrote:
>> Does this really work reliably on Windows? If yes it means the current idea
>> of thread safety is not really sufficient. Maybe Windows preserves cache
>> entries for some specific time (or for the duration of the factory), even
>> after the last reference is gone? Or maybe the factory has a reference on
>> each font face?
> 
> Sorry, I did misread the patch a bit. I'll take a closer look after I
> have some sleep.
> Here is the full lifetime of that fontface grepped from the log:
> https://paste.ee/p/3No74 (egrep "(0x97936c8|warn)" ~/Desktop/Magic_Crash.log)
> And at the very least I cannot reproduce this crash on either Windows
> or Wine with v1 of this patch.
> 

The log contains the following line:

004c:warn:dwrite:factory_get_cached_fontface Failed to get {27f2a904-4eb8-441d-9678-0563f53e3e2f} from fontface, hr 0x80004005.

This means the cached interface was not used, and it is unclear where the pointer
in the following line comes from. Maybe I'm missing something, but for me it still
looks like a use-after-free. It does not really mean much that v1 "fixed" it;
sometimes a small timing difference is sufficient to hide the bug. ;)

Best regards,
Sebastian


