7 Dec
2022
7 Dec
'22
4:15 p.m.
Jacek Caban (@jacek) commented about dlls/jscript/dispex.c:
+ } + + /* Grab it since it gets removed when unlinked */ + jsdisp_addref(obj); + unlink_props(obj); + + if(obj->prototype) { + jsdisp_release(obj->prototype); + obj->prototype = NULL; + } + + if(obj->builtin_info->gc_traverse) + obj->builtin_info->gc_traverse(obj, GC_TRAVERSE_UNLINK, NULL); + + /* Unlinking possibly removed the next object from the list */ + iter = list_next(&ctx->objects, iter); How releasing iter object, which is already unlinked, can modify the list other than removing itself?
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/1635#note_19022