[PATCH] explorer: make process as system process.

Qian Hong qhong at codeweavers.com
Thu Nov 19 21:10:46 CST 2015


Hi,

This patch fixes a desktop user count leak in wineserver uncovered by 
5da10c9a0e405c4b502be820ae0385d634306a76. Below is how the desktop user 
reference count leaked before the patch:

1. When the first user process is created normally, explorer.exe is also 
created normally with the new desktop "Default".
2. One user process creates Thread 2. Thread 2 creates a new desktop 
called "desk2", then switches its thread desktop to "desk2" and creates a 
window. This brings up a new explorer.exe which handles "desk2".
3. Thread 2 destroys the window and switches the thread desktop back to 
"Default". At this time, there is no user of "desk2" other than the 
second explorer.exe itself; however, the user refcount doesn't decrease 
because we increase/decrease the refcount based on process rather than thread.
4. All user processes exit, the user refcount of "Default" decreases to 0, 
so it posts a message to close the first explorer.exe. However, the 
second explorer.exe never exits because of the refcount leak in step 3.

One possible solution is to count threads as users rather than 
processes, but explorer.exe itself could have more than one thread, which 
makes this way complex. The attached patch uses another way: just make 
explorer.exe a system process, and it will quit automatically a few 
seconds after all user processes exit. I don't know if there is a 
historical reason not to make explorer.exe a system process, or if there 
is a compatibility reason; any background is greatly appreciated.

I agree this patch might not be safe enough for code freeze; I'm just putting it 
here for code review. If anyone is going to implement an alternative way to 
fix this problem, I'm also glad to see it.

Thank you!



Signed-off-by: Qian Hong <qhong at codeweavers.com>
---
  programs/explorer/desktop.c | 12 +++++++++-
  server/process.c            |  2 --
  server/user.h               |  2 --
  server/winstation.c         | 54 ---------------------------------------------
  4 files changed, 11 insertions(+), 59 deletions(-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-explorer-make-process-as-system-process.txt
Type: text/x-patch
Size: 6206 bytes
Desc: not available
URL: <http://www.winehq.org/pipermail/wine-patches/attachments/20151120/eb043423/attachment.bin>