[PATCH 6/6] rtworkq: Fix reference leak when canceling waiting work items.

Mon Jan 10 08:20:08 CST 2022


On 1/4/22 20:35, Derek Lesho wrote:
> A waiting work_item has two references, the initial reference from creation, and an additional reference associated with its presence pending_items list, freed through queue_release_pending_item.  RtwqCancelWorkItem only releases the second reference.
>
...
> @@ -866,6 +866,7 @@ static HRESULT queue_cancel_item(struct queue *queue, RTWQWORKITEM_KEY key)
>           if (item->key == key)
>           {
>               key >>= 32;
> +            queue_release_pending_item(item);
>               if ((key & WAIT_ITEM_KEY_MASK) == WAIT_ITEM_KEY_MASK)
>               {
>                   IRtwqAsyncResult_SetStatus(item->result, RTWQ_E_OPERATION_CANCELLED);
> @@ -876,7 +877,7 @@ static HRESULT queue_cancel_item(struct queue *queue, RTWQWORKITEM_KEY key)
>                   CloseThreadpoolTimer(item->u.timer_object);
>               else
>                   WARN("Unknown item key mask %#x.\n", (DWORD)key);
> -            queue_release_pending_item(item);
> +            IUnknown_Release(&item->IUnknown_iface);
>               hr = S_OK;
>               break;
>           }
Yes, this looks correct, I think. Why did you have to move 
queue_release_pending_item() though?