author | wm4 <wm4@nowhere> | 2017-08-21 17:34:27 +0200 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2017-08-21 17:47:00 +0200 |
commit | d431111b0647278d2bc234e9e6551c0b7e6c2b6f (patch) | |
tree | ef0f99cfd4df7b87af48599a08e1673e7182766a | |
parent | b21e0746f6ac0cd2e6faf7590e3aad53b0437d0f (diff) | |
download | mpv-d431111b0647278d2bc234e9e6551c0b7e6c2b6f.tar.bz2 mpv-d431111b0647278d2bc234e9e6551c0b7e6c2b6f.tar.xz |
win32: fix massive memory corruption
The struct m_thread_info pointer points into an array that will be
reallocated if another thread is created while run_thread is just
being called. In previous versions of this code, the pointer was stable
(as long as the thread existed), so this was overlooked.
Fixes #4770. I'm not sure why this triggers it so reliably, while it
remained undetected otherwise.
-rw-r--r-- | osdep/win32/pthread.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/osdep/win32/pthread.c b/osdep/win32/pthread.c
index dfc70288ac..d4a5ddc22a 100644
--- a/osdep/win32/pthread.c
+++ b/osdep/win32/pthread.c
@@ -205,7 +205,11 @@ int pthread_detach(pthread_t thread)
 
 static DWORD WINAPI run_thread(LPVOID lpParameter)
 {
-    struct m_thread_info *info = lpParameter;
+    pthread_mutex_lock(&pthread_table_lock);
+    struct m_thread_info *info = find_thread_info(pthread_self());
+    assert(info);
+    pthread_mutex_unlock(&pthread_table_lock);
+
     pthread_exit(info->user_fn(info->user_arg));
     abort(); // not reached
 }
@@ -228,7 +232,7 @@ int pthread_create(pthread_t *thread, const pthread_attr_t *attr,
         .user_fn = start_routine,
         .user_arg = arg,
     };
-    info->handle = CreateThread(NULL, 0, run_thread, info, CREATE_SUSPENDED,
+    info->handle = CreateThread(NULL, 0, run_thread, NULL, CREATE_SUSPENDED,
                                 &info->id);
     if (!info->handle) {
         remove_thread_info(info);
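Review bot: In the first hunk `info` is still dereferenced after `pthread_mutex_unlock(&pthread_table_lock)`, so the window the commit message describes — the thread table being reallocated by a concurrent pthread_create — is narrowed rather than closed: `info->user_fn` and `info->user_arg` are read from a pointer into that array once the lock no longer protects it. Copy what run_thread needs while the lock is held, e.g. `struct m_thread_info info_copy = *info;` before the unlock and `pthread_exit(info_copy.user_fn(info_copy.user_arg));` after it. The `assert(info)` is the only guard against a missing table entry; if the build ever defines NDEBUG that check compiles out and a NULL `info` is dereferenced, so an explicit `if (!info) abort();` would be more robust. `lpParameter` is now always NULL and unused; a `(void)lpParameter;` line would make that intentional rather than look like an oversight.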