Skip to content

Draft: gwin32fsmonitorutils: fix use-after-free

gwillems requested to merge g.willems/glib:3241_fix_use_after_free_GWin32FileMonitor into main

Track when notifications are expected in order to properly release the monitor resources, i.e. after the notification elapsed and the parent object has been destroyed.

Implementation notes:

  • Every successful ReadDirectoryChangesW request will emit a single callback notification, including when closing the handle. We must register again in callback for further notifications, unless a cancellation or finalization were requested.
  • Calling CloseHandle from g_win32_fs_monitor_finalize is not an option, as there is no way to guarantee when this finalization will occur (see garbage collection in language bindings like Python), and keeping the handle alive would block file operations like moving folders.
  • We must ensure we call CloseHandle exactly once. Using CloseIoEx before would add too many usecases for where calling the final CloseHandle, so keep doing CloseHandle only on cancellation request.

.

Fixes #3241

Closes #3241

Merge request reports