[PATCH] mfplat/tests: Avoid crash by async cancel callback in linux.

Bernhard Übelacker bernhardu at mailbox.org
Sun Dec 12 09:50:18 CST 2021 

Signed-off-by: Bernhard Übelacker <bernhardu at mailbox.org>
---
The cancel in test_scheduled_items puts a work item to the
queue by invoke_async_callback.
But when this work item is processed the function test_scheduled_items
is possibly already left, and the stack memory overwritten by
the next test.

This testbot run tried to force the crash by invalidating the callback:
https://testbot.winehq.org/JobDetails.pl?Key=103981
---
 dlls/mfplat/tests/mfplat.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/dlls/mfplat/tests/mfplat.c b/dlls/mfplat/tests/mfplat.c
index 4dfdc18bb52..d1664e81031 100644
--- a/dlls/mfplat/tests/mfplat.c
+++ b/dlls/mfplat/tests/mfplat.c
@@ -2933,19 +2933,24 @@ static void test_MFHeapAlloc(void)
     MFHeapFree(res);
 }
 
+/* Documentation for MFCancelWorkItem mentions that the callback
+   might still be called, even when MFCancelWorkItem is left.
+   In Wine implementation the cancel queues a work item
+   via invoke_async_callback which needs the callback later. */
+static struct test_callback scheduled_items_callback;
+
 static void test_scheduled_items(void)
 {
-    struct test_callback callback;
     IMFAsyncResult *result;
     MFWORKITEM_KEY key, key2;
     HRESULT hr;
 
-    init_test_callback(&callback);
+    init_test_callback(&scheduled_items_callback);
 
     hr = MFStartup(MF_VERSION, MFSTARTUP_FULL);
     ok(hr == S_OK, "Failed to start up, hr %#x.\n", hr);
 
-    hr = MFScheduleWorkItem(&callback.IMFAsyncCallback_iface, NULL, -5000, &key);
+    hr = MFScheduleWorkItem(&scheduled_items_callback.IMFAsyncCallback_iface, NULL, -5000, &key);
     ok(hr == S_OK, "Failed to schedule item, hr %#x.\n", hr);
 
     hr = MFCancelWorkItem(key);
@@ -2960,7 +2965,7 @@ static void test_scheduled_items(void)
         return;
     }
 
-    hr = MFCreateAsyncResult(NULL, &callback.IMFAsyncCallback_iface, NULL, &result);
+    hr = MFCreateAsyncResult(NULL, &scheduled_items_callback.IMFAsyncCallback_iface, NULL, &result);
     ok(hr == S_OK, "Failed to create result, hr %#x.\n", hr);
 
     hr = pMFPutWaitingWorkItem(NULL, 0, result, &key);
@@ -2977,7 +2982,7 @@ static void test_scheduled_items(void)
 
     IMFAsyncResult_Release(result);
 
-    hr = MFScheduleWorkItem(&callback.IMFAsyncCallback_iface, NULL, -5000, &key);
+    hr = MFScheduleWorkItem(&scheduled_items_callback.IMFAsyncCallback_iface, NULL, -5000, &key);
     ok(hr == S_OK, "Failed to schedule item, hr %#x.\n", hr);
 
     hr = MFCancelWorkItem(key);
-- 
2.33.0

More information about the wine-devel mailing list