Re: [PATCH v3 0/3] MR4243: rtworkq: free cancelled work items

1 Nov 2023

      Nikolay Sivov (@nsivov) commented about dlls/rtworkq/queue.c:
...

// Safely either stop the thread pool object, or if the callback is already running, wait for it to finish.
// This way, we can safely release the reference to the work item.
if (work_object_type == WORK_ITEM_WAIT)
{
   SetThreadpoolWait(work_object.wait_object, NULL, NULL);

   WaitForThreadpoolWaitCallbacks(work_object.wait_object, TRUE);

   CloseThreadpoolWait(work_object.wait_object);

}
else if (work_object_type == WORK_ITEM_TIMER)
{
   SetThreadpoolTimer(work_object.timer_object, NULL, 0, 0);

   WaitForThreadpoolTimerCallbacks(work_object.timer_object, TRUE);

   CloseThreadpoolTimer(work_object.timer_object);

}

I haven't read through properly yet, but isn't it possible TP objects might already be freed at this point, or at any point really.
Is this fix purely theoretical, or it's possible to demonstrate the issue reliably?
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/4243#note_50496

2025

2024

2023

2022

Re: [PATCH v3 0/3] MR4243: rtworkq: free cancelled work items