On Wed Nov 1 14:24:52 2023 +0000, Nikolay Sivov wrote:
I haven't read through properly yet, but isn't it possible TP objects might already be freed at this point, or at any point really. Is this fix purely theoretical, or it's possible to demonstrate the issue reliably?
The only place the TP objects are freed is in this function or in `work_item_Release`. We set the pointers to the TP objects to `NULL` while holding the queue lock (which means no other threads can remove the item from `queue->pending_items`, which in turn means the work item will have at least 1 reference), so `work_item_Release` won't release it. Therefore we can safely release it here.
I haven't tried to demonstrate this issue, but it's clearly there.