RepoMirrors
/
mpv
mirror of https://github.com/mpv-player/mpv
1
0
Fork 0
Code Issues Releases Wiki Activity

win32: fix massive memory corruption 

The struct m_thread_info pointer is part of an array, that will be
reallocated if another thread is created while the run_thread is just
being called. In previous versions of this code, the pointer was stable
(as long as the thread existed), so this was overlooked.

Fixes #4770. I'm not sure why this triggers it so reliably, while it
remained undetected otherwise.
This commit is contained in:
wm4 2017-08-21 17:34:27 +02:00
parent b21e0746f6
commit d431111b06
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
osdep/win32/pthread.c
View File

@ -205,7 +205,11 @@ int pthread_detach(pthread_t thread)
static DWORD WINAPI run_thread(LPVOID lpParameter)
{
struct m_thread_info *info = lpParameter;
pthread_mutex_lock(&pthread_table_lock);
struct m_thread_info *info = find_thread_info(pthread_self());
assert(info);
pthread_mutex_unlock(&pthread_table_lock);
pthread_exit(info->user_fn(info->user_arg));
abort(); // not reached
}
@ -228,7 +232,7 @@ int pthread_create(pthread_t *thread, const pthread_attr_t *attr,
.user_fn = start_routine,
.user_arg = arg,
};
info->handle = CreateThread(NULL, 0, run_thread, info, CREATE_SUSPENDED,
info->handle = CreateThread(NULL, 0, run_thread, NULL, CREATE_SUSPENDED,
&info->id);
if (!info->handle) {
remove_thread_info(info);