In kernel32/tests/loader.c, child_process will try to write to stdout after calling LdrShutdownProcess. LdrShutdownProcess calls DLL_PROCESS_DETACH on msvcrt, which calls msvcrt_free_io, which frees the ioinfo blocks. So to prevent use after free in this case, we don't free them.
* * *
Supersedes !8273
-- v4: msvcrt: Don't release io memory in msvcrt_free_io during shutdown.
From: Yuxuan Shui yshui@codeweavers.com
In kernel32/tests/loader.c, child_process will try to write to stdout after calling LdrShutdownProcess. LdrShutdownProcess calls DLL_PROCESS_DETACH on msvcrt, which calls msvcrt_free_io, which frees the ioinfo blocks. So to prevent use after free in this case, we don't free them during shutdown. --- dlls/msvcrt/file.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/dlls/msvcrt/file.c b/dlls/msvcrt/file.c index 97bfc746abc..e6bcf04d1ee 100644 --- a/dlls/msvcrt/file.c +++ b/dlls/msvcrt/file.c @@ -1395,6 +1395,11 @@ void msvcrt_free_io(void) int j;
_flushall(); + + /* Make sure stdio is still usable during shutdown. */ + if (RtlDllShutdownInProgress()) + return; + _fcloseall();
for(i=0; i<ARRAY_SIZE(MSVCRT___pioinfo); i++)
On Wed Jun 11 22:44:25 2025 +0000, Piotr Caban wrote:
The data needs to be freed when process is not exiting.
I updated the MR, is this what you had in mind?
Piotr Caban (@piotr) commented about dlls/msvcrt/file.c:
int j; _flushall();
- /* Make sure stdio is still usable during shutdown. */
- if (RtlDllShutdownInProgress())
Instead of calling `RtlDllShutdownInProgress` function please call `msvcrt_free_io` with additional parameter (`msvcrt_free_io(lpvReserved != NULL)`).
On Thu Jun 12 11:21:35 2025 +0000, Piotr Caban wrote:
Instead of calling `RtlDllShutdownInProgress` function please call `msvcrt_free_io` with additional parameter (`msvcrt_free_io(lpvReserved != NULL)`).
Or just call _flushall() in DllMain...
-
Alexandre Julliard (@julliard) -
Piotr Caban (@piotr)
-
Yuxuan Shui
-
Yuxuan Shui (@yshui)