[PATCH v4 0/1] MR8288: msvcrt: Don't release io memory in msvcrt_free_io.
In kernel32/tests/loader.c, child_process will try to write to stdout after calling LdrShutdownProcess. LdrShutdownProcess calls DLL_PROCESS_DETACH on msvcrt, which calls msvcrt_free_io, which frees the ioinfo blocks. So to prevent use after free in this case, we don't free them. * * * Supersedes !8273 -- v4: msvcrt: Don't release io memory in msvcrt_free_io during shutdown. https://gitlab.winehq.org/wine/wine/-/merge_requests/8288
From: Yuxuan Shui <yshui(a)codeweavers.com> In kernel32/tests/loader.c, child_process will try to write to stdout after calling LdrShutdownProcess. LdrShutdownProcess calls DLL_PROCESS_DETACH on msvcrt, which calls msvcrt_free_io, which frees the ioinfo blocks. So to prevent use after free in this case, we don't free them during shutdown. --- dlls/msvcrt/file.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dlls/msvcrt/file.c b/dlls/msvcrt/file.c index 97bfc746abc..e6bcf04d1ee 100644 --- a/dlls/msvcrt/file.c +++ b/dlls/msvcrt/file.c @@ -1395,6 +1395,11 @@ void msvcrt_free_io(void) int j; _flushall(); + + /* Make sure stdio is still usable during shutdown. */ + if (RtlDllShutdownInProgress()) + return; + _fcloseall(); for(i=0; i<ARRAY_SIZE(MSVCRT___pioinfo); i++) -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/8288
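Review bot: The early return placed after `_flushall()` in `msvcrt_free_io` skips `_fcloseall()` and the whole `MSVCRT___pioinfo` loop, but the comment only says stdio must stay usable. It should state the actual hazard: code can still write to stdout after DLL_PROCESS_DETACH and would otherwise touch freed ioinfo blocks. Consider passing the shutdown condition in from the caller instead of querying `RtlDllShutdownInProgress()` here, so the unload path where the process is not exiting, which still has to free this memory, is explicit at the call site. Since everything after the `return` is skipped on shutdown, also check that nothing later in the function has to run on that path.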
On Wed Jun 11 22:44:25 2025 +0000, Piotr Caban wrote:
The data needs to be freed when process is not exiting. I updated the MR, is this what you had in mind?
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/8288#note_106294
Piotr Caban (@piotr) commented about dlls/msvcrt/file.c:
int j;
_flushall(); + + /* Make sure stdio is still usable during shutdown. */ + if (RtlDllShutdownInProgress())
Instead of calling `RtlDllShutdownInProgress` function please call `msvcrt_free_io` with additional parameter (`msvcrt_free_io(lpvReserved != NULL)`). -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8288#note_106322
On Thu Jun 12 11:21:35 2025 +0000, Piotr Caban wrote:
Instead of calling `RtlDllShutdownInProgress` function please call `msvcrt_free_io` with additional parameter (`msvcrt_free_io(lpvReserved != NULL)`). Or just call _flushall() in DllMain...
-- https://gitlab.winehq.org/wine/wine/-/merge_requests/8288#note_106324
I've created !8480 with suggested change to keep things moving. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8288#note_108542
This merge request was closed by Piotr Caban. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8288
participants (4)
- Alexandre Julliard (@julliard)
- Piotr Caban (@piotr)
- Yuxuan Shui
- Yuxuan Shui (@yshui)