19 Sep 2022, 2:58 p.m.
Bernhard Kölbl (@besentv) commented about dlls/threadpoolwinrt/main.c:
+ ResumeThread(thread); + } + CloseHandle(thread); + } + else + { + hr = submit_threadpool_work(item, priority); + } + + if (FAILED(hr)) + { + release_work_item(item); + return hr; + } + + IAsyncAction_AddRef((*action = item->action)); Maybe I'm not seeing this correctly, but I think you're potentially accessing freed memory here.
Because in `alloc_work_item` you create IAsyncAction with refcount 1, then submit the work to Thread/Threadpool and free the work item inside the callback including IAsyncAction.
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/891#note_8831
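Review bot: The last added line, `IAsyncAction_AddRef((*action = item->action));`, dereferences `item` after the work has already been started by `ResumeThread(thread)` or `submit_threadpool_work(item, priority)`, so if the callback releases the item before this line runs, as the comment above describes, both the read of `item->action` and the AddRef touch freed memory. Consider taking the caller's reference and assigning `*action` before the thread is resumed or the work is submitted, then dropping that extra reference and clearing `*action` on the `FAILED(hr)` path alongside `release_work_item(item)`.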