6 Mar
2024
6 Mar
'24
9:04 a.m.
On Wed Mar 6 08:08:13 2024 +0000, Zhiyi Zhang wrote:
Hmm, i think the clearer version does have a use-after-free problem.
If the item is freed in `queue_cancel_item` while `scheduled_item_cancelable_callback`/`waiting_item_cancelable_callback` is running, the latter will use-after-free. How can this use-after-free happen? If scheduled_item_cancelable_callback() is still running, queue_cancel_item() merely decreases the work item reference count and not actually releasing the object.
the use-after-free happens _if_ I add the `IUnknown_Release(&item->IUnknown_iface)`