On Wed, Aug 16, 2017 at 10:05 PM, Anton Romanov theli.ua@gmail.com wrote:
On Tue, Aug 15, 2017 at 4:40 AM, Nikolay Sivov nsivov@codeweavers.com wrote:
Signed-off-by: Nikolay Sivov nsivov@codeweavers.com
 dlls/dwrite/dwrite_private.h | 15 ++++++++---
 dlls/dwrite/font.c           | 30 +++++++++++++--------
 dlls/dwrite/main.c           | 63 +++++++++++++++++++++++++++++++-------------
 3 files changed, 74 insertions(+), 34 deletions(-)

Since apps seem to freely use fontface interfaces from multiple threads, isn't the following race possible?
+----------------+------------------------+-------------------------+
| T1             | T2                     | T3                      |
+----------------+------------------------+-------------------------+
| Release        |                        |                         |
| Decrement      |                        |                         |
| == 0 -> True   |                        |                         |
|                | Query_Interface/AddRef |                         |
|                | Increment              |                         |
|                |                        | Release                 |
|                |                        | Decrement               |
| free(cached)   |                        |                         |
| factory_unlock |                        |                         |
|                |                        | use after free (cached) |
+----------------+------------------------+-------------------------+
Actually, with this version of the patch it looks like this is exactly the crash I'm consistently getting now (was fine with v1):
0093:trace:dwrite:dwritefontface_Release (0x97936c8)->(1)
0093:trace:dwrite:dwritefontface_Release (0x97936c8)->(0)
004c:trace:dwrite:dwritefontface_GetFiles (0x97936c8)->(0x339d58 0x339d50)
004c:trace:dwrite:dwritefontface_GetIndex (0x97936c8)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("GSUB" 0x339e60 0x339e68 0x339e64 0x339e5c)
004c:trace:dwrite:dwritefontface_ReleaseFontTable (0x97936c8)->((nil))
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("glyf" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_ReleaseFontTable (0x97936c8)->((nil))
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("CFF " 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("COLR" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("SVG " 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritefontface_TryGetFontTable (0x97936c8)->("sbix" 0x339e00 0x339e08 0x339e04 0x339dfc)
004c:trace:dwrite:dwritetextanalyzer_GetGlyphPlacements (L"1" 0x33b264 0x33b444 1 0x9636198 0x9635dc0 1 0x97936c8 16.00 0 0 "Zyyy" L"en-US" 0x95f5760 0x70456084 1 0x96ef808 0xd231630)
004c:trace:dwrite:dwritefontface_QueryInterface (0x97936c8)->({a71efdb4-9fdb-4838-ad90-cfc3be8c3daf} 0x339fd0)
004c:trace:dwrite:dwritefontface_GetMetrics (0x97936c8)->(0x339fd8)
004c:trace:dwrite:dwritefontface1_GetDesignGlyphAdvances (0x97936c8)->(1 0x9636198 0x339fd4 0)
004c:trace:dwrite:dwritefontface_Release (0x97936c8)->(1)
004c:trace:dwrite:dwritefontface_GetDesignGlyphMetrics (0x97936c8)->(0x7045637c 1 0x7045638c 0)
004c:trace:dwrite:dwritefontface_GetSimulations (0x97936c8)
004c:trace:dwrite:dwritefontface_Release (0x97936c8)->(0)
wine: Unhandled page fault on read access to 0xffffffff at address 0x37719c8 (thread 004c), starting debugger...
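
The interleaving from the table above, replayed deterministically in one thread as an added example; it is not part of the original message and not Wine's dwrite code. The `face` struct, the single-slot cache and all function names are hypothetical, a counter stands in for `free()`, and the "safe" lookup shows one common remedy (take a reference only while the count is still above zero, under the cache lock).

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stddef.h>

/* Hypothetical single-slot cache; names are illustrative, not Wine's dwrite code. */
struct face { atomic_long ref; int destroyed; };

static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
static struct face *cached;   /* the cache itself holds no reference */

/* Racy lookup: a blind increment revives an object whose count already hit 0. */
static struct face *lookup_unsafe(void) {
    struct face *f = cached;
    if (f) atomic_fetch_add(&f->ref, 1);
    return f;
}

/* Safer lookup: under the cache lock, take a reference only while ref > 0. */
static struct face *lookup_safe(void) {
    pthread_mutex_lock(&cache_lock);
    struct face *f = cached;
    long old = f ? atomic_load(&f->ref) : 0;
    while (old > 0 && !atomic_compare_exchange_weak(&f->ref, &old, old + 1))
        ;                     /* 'old' is reloaded on failure; retry */
    pthread_mutex_unlock(&cache_lock);
    return old > 0 ? f : NULL;
}

/* Release, split in two so the replay can place other threads' steps in between. */
static long release_decrement(struct face *f) {
    return atomic_fetch_sub(&f->ref, 1) - 1;
}
static void release_destroy(struct face *f) {
    pthread_mutex_lock(&cache_lock);
    if (cached == f) cached = NULL;   /* unlink before the memory goes away */
    pthread_mutex_unlock(&cache_lock);
    f->destroyed++;                   /* stands in for free(f) */
}

/* Replay the table's interleaving; returns how often the object was destroyed. */
static int replay(struct face *(*lookup)(void)) {
    struct face f = { 1, 0 };
    cached = &f;
    long t1 = release_decrement(&f);      /* T1: Release, count reaches 0 */
    struct face *g = lookup();            /* T2: AddRef via cache hit */
    if (g && release_decrement(g) == 0)   /* T3: Release, count reaches 0 again */
        release_destroy(g);
    if (t1 == 0) release_destroy(&f);     /* T1: resumes and frees */
    return f.destroyed;
}
```

With `lookup_unsafe` the object is destroyed twice, which in real code is the double free or use after free shown in the table; with `lookup_safe` the late cache hit is refused and the object is destroyed once.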