2006/11/10, Mike McCormack mike@codeweavers.com:
Eric Pouech wrote:
IIRC, the issue in this code is that you access, in the _SAFE macro, the next field in the current cursor *after* the current cursor has been freed. The issue is not that the next item has been freed while iterating on the current cursor (this was at least the issue I had).
It looks like kill_thread can recurse if another thread is waiting on the current thread we're killing.
wake_up -> wake_thread -> send_thread_wakeup -> kill_thread
If the waiting thread is in the current process, and it's later in the list, I'm not sure anything stops it from being freed.
Well, the kill_thread in that case is only done when the waiting thread also died while waiting (i.e. has been killed by some other way) (in normal cases, the wait operation on the waiting side would just return an error code). I'm still not convinced this path is actually executed in that case. What led you to write the patch?

A+
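Added example (not code from this thread or from Wine): a small C model of the concern Mike raises, assuming the recursive kill does reach an entry later in the list, which is the point Eric questions. `struct node`, `kill_node` and the two walk functions are hypothetical names, and the `freed` flag stands in for `free()` so the stale access can be counted without undefined behaviour.

```c
#include <stddef.h>

#define NODES 3
/* waits_on: index of the node this one waits on, -1 for none (hypothetical model) */
struct node { struct node *next; int waits_on; int freed; };
static struct node pool[NODES];
static struct node *head;

static void build(void) {              /* list 0 -> 1 -> 2, node 1 waits on node 0 */
    for (int i = 0; i < NODES; i++) {
        pool[i].next = (i + 1 < NODES) ? &pool[i + 1] : NULL;
        pool[i].waits_on = -1;
        pool[i].freed = 0;
    }
    pool[1].waits_on = 0;
    head = &pool[0];
}

static void kill_node(struct node *n) {
    struct node **pp = &head;
    if (n->freed) return;
    while (*pp && *pp != n) pp = &(*pp)->next;
    if (*pp) *pp = n->next;            /* unlink from the list */
    n->freed = 1;                      /* stand-in for free(n) */
    for (int i = 0; i < NODES; i++)    /* waking waiters recurses into kill_node */
        if (!pool[i].freed && pool[i].waits_on == (int)(n - pool))
            kill_node(&pool[i]);
}

/* _SAFE-style walk: 'nxt' is cached before the body runs, so it protects
   against removal of 'cur' only. Returns how many freed nodes were visited. */
static int walk_cached_next(void) {
    int stale = 0;
    build();
    for (struct node *cur = head, *nxt = cur ? cur->next : NULL; cur;
         cur = nxt, nxt = cur ? cur->next : NULL) {
        if (cur->freed) { stale++; continue; }  /* real code: use-after-free here */
        kill_node(cur);
    }
    return stale;
}

/* Alternative: re-read the list head after every kill, never cache a successor. */
static int walk_restart_from_head(void) {
    int stale = 0;
    build();
    while (head) { if (head->freed) stale++; kill_node(head); }
    return stale;
}

int main(void) { return !(walk_cached_next() == 1 && walk_restart_from_head() == 0); }
```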