[PATCH v2 2/2] jscript: Fix iterating through the map while entries are removed.
Jacek Caban
jacek at codeweavers.com
Tue Jun 7 11:52:44 CDT 2022
Hi Gabriel,
On 6/6/22 16:10, Gabriel Ivăncescu wrote:
> The current entry as well as the next entry may both be removed while
> iterating. Since we release the entry after the callback, obtaining the
> "next" entry would be using possibly freed memory. A safe iteration is
> required, but we need to obtain the next entry after the callback, not at
> the start of the loop, since it can be removed during it.
>
> Signed-off-by: Gabriel Ivăncescu<gabrielopcode at gmail.com>
> ---
>
> This is a pre-existing problem. See for example 64-bit Debian VM results
> here:https://testbot.winehq.org/JobDetails.pl?Key=116313#k2202
>
> dlls/jscript/set.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
I wrote a test and resubmitted with a cleaner version of the second patch.
Thanks,
Jacek
More information about the wine-devel
mailing list