[prev in list] [next in list] [prev in thread] [next in thread] 

List:       wine-devel
Subject:    Re: [PATCH] ole32: LeaveCriticalSection in one exit case (Coverity)
From:       Marcus Meissner <marcus () jet ! franken ! de>
Date:       2013-06-25 8:00:33
Message-ID: 20130625080032.GA4782 () jet ! franken ! de
[Download RAW message or body]

On Sun, Jun 23, 2013 at 08:43:18PM +0900, Dmitry Timoshkov wrote:
> Marcus Meissner <marcus@jet.franken.de> wrote:
> 
> > > > --- a/dlls/ole32/ifs.c
> > > > +++ b/dlls/ole32/ifs.c
> > > > @@ -217,6 +217,8 @@ static LPVOID WINAPI IMalloc_fnRealloc(LPMALLOC iface,LPVOID pv,DWORD cb) {
> > > >  	        IMallocSpy_Release(Malloc32.pSpy);
> > > >  		Malloc32.SpyReleasePending = FALSE;
> > > >  		Malloc32.pSpy = NULL;
> > > > +		/* cb == 0 case will release it some lines below. */
> > > > +		if (cb) LeaveCriticalSection(&IMalloc32_SpyCS);
> > > >  	    }
> > > >  
> > > >  	    if (0==cb) {
> > > 
> > > Why not unconditionally release the lock before the '0==cb' check?
> > 
> > That would cause LeaveCriticalSection be called twice with a race window inbetween.
> 
> Of course you'd need to remove a redundant LeaveCriticalSection under
> 'if (0==cb)' case, and I don't see a race there.

I resubmitted a slightly improved fix, but I do not think it can be made as simple as you think it can.

Ciao, Marcus


[prev in list] [next in list] [prev in thread] [next in thread]