On 17.08.2017 10:11, Anton Romanov wrote:
Does this really work reliably on Windows? If yes, it means the current idea of thread safety is not really sufficient. Maybe Windows preserves cache entries for some specific time (or for the duration of the factory), even after the last reference is gone? Or maybe the factory holds a reference on each font face?
Sorry, I misread the patch a bit. I'll take a closer look after I have had some sleep. Here is the full lifetime of that fontface grepped from the log: https://paste.ee/p/3No74 ( egrep "(0x97936c8|warn)" ~/Desktop/Magic_Crash.log ) And at the very least, I cannot reproduce this crash on either Windows or Wine with v1 of this patch.
The log contains the following line:
004c:warn:dwrite:factory_get_cached_fontface Failed to get {27f2a904-4eb8-441d-9678-0563f53e3e2f} from fontface, hr 0x80004005.
This means the cached interface was not used, and it is unclear where the pointer in the following line comes from. Maybe I'm missing something, but to me it still looks like a use-after-free. It does not really mean much that v1 "fixed" it; sometimes a small timing difference is sufficient to hide the bug. ;)
Best regards, Sebastian