Crash in g_thread_xp_SleepConditionVariableSRW
Submitted by rod..@..il.com
Link to original bug (#666551)
Description
Created attachment 203905: Patch to fix crash in gthreads-win32.c
I've been getting some random crashes with the latest version of glib/gtk+ in Windows, particularly in the GtkFileChooserDialog and similar.
After some hard debugging days, I think I've found it: the problem is in function g_thread_xp_SleepConditionVariableSRW() (gthread-win32.c).
This function first inserts the current thread 'waiter' in the cv list of waiters; then it calls WaitForSingleObject(), but it never removes the 'waiter' from the list. This looks correct, because both g_thread_xp_WakeConditionVariable() and g_thread_xp_WakeAllConditionVariable() remove the 'waiter' of the awakened thread.
But what happens if nobody awakes the thread, and WaitForSingleObject() returns with a timeout? The 'waiter' is kept in the cv list!
After that, the thread finishes, the waiter is destroyed, and the next time the cv is used... crash!
My proposed patch removes (I think it does, that list is tricky!) the 'waiter' before returning if present in the list. That should only be necessary if 'status == WAIT_TIMEOUT', but who knows... Please, feel free to change it if you see fit.
Patch 203905, "Patch to fix crash in gthreads-win32.c":
threads.diff
Version: 2.31.x
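The waiter-list lifecycle the report describes, as an added single-threaded model in C; this is illustration code written for this page, not GLib's gthread-win32.c, and the struct names, the `other_thread` callback that stands in for the waking thread, the `fixed` flag and the Win32-style status constants are assumptions made so the timeout path and the patched path can be compared side by side without a real WaitForSingleObject():

```c
/* Model of the XP condition-variable emulation's waiter list. Added
   illustration, not GLib code: names and the 'other_thread' hook are assumed. */
#include <stddef.h>
#include <stdio.h>

#define WAIT_OBJECT_0 0
#define WAIT_TIMEOUT  258   /* same numeric value as the Win32 constant */

typedef struct waiter {
    int event_signaled;          /* stands in for the per-thread wait event */
    struct waiter *next;
} waiter;

typedef struct {
    waiter *first;               /* singly linked list of threads waiting on the cv */
} cond_var;

static void cv_push_waiter(cond_var *cv, waiter *w)
{
    w->next = cv->first;
    cv->first = w;
}

/* Unlink w if it is on the list; returns 1 if it was found, 0 otherwise. */
static int cv_remove_waiter(cond_var *cv, waiter *w)
{
    waiter **pp;
    for (pp = &cv->first; *pp != NULL; pp = &(*pp)->next) {
        if (*pp == w) {
            *pp = w->next;
            w->next = NULL;
            return 1;
        }
    }
    return 0;
}

static int cv_waiter_count(const cond_var *cv)
{
    int n = 0;
    const waiter *w;
    for (w = cv->first; w != NULL; w = w->next)
        n++;
    return n;
}

/* Models the WakeConditionVariable side: the waker unlinks one waiter and
   signals its event. This is why the sleeping side never unlinks itself. */
static void cv_wake_one(cond_var *cv)
{
    waiter *w = cv->first;
    if (w != NULL) {
        cv->first = w->next;
        w->next = NULL;
        w->event_signaled = 1;
    }
}

/* Models SleepConditionVariableSRW. 'other_thread' is whatever runs while
   this thread is blocked in WaitForSingleObject(); NULL means nobody wakes
   us and the wait times out. With fixed == 0 the waiter stays linked after a
   timeout, which is the reported defect; fixed == 1 is the patch's behaviour. */
static int cv_sleep(cond_var *cv, waiter *w,
                    void (*other_thread)(cond_var *), int fixed)
{
    int status;
    w->event_signaled = 0;
    cv_push_waiter(cv, w);

    if (other_thread != NULL)
        other_thread(cv);

    status = w->event_signaled ? WAIT_OBJECT_0 : WAIT_TIMEOUT;

    if (fixed && status == WAIT_TIMEOUT)
        cv_remove_waiter(cv, w);   /* never return with our own entry still linked */

    return status;
}

/* Timeout scenario from the report. In the real code 'w' is a local of the
   sleeping function, so any entry left on the list after return is a dangling
   pointer and the next wake writes through it. Here 'w' is kept alive so the
   stale entry can be counted rather than crashing. */
static int stale_entries_after_timeout(int fixed)
{
    cond_var cv = { NULL };
    waiter w;
    if (cv_sleep(&cv, &w, NULL, fixed) != WAIT_TIMEOUT)
        return -1;
    return cv_waiter_count(&cv);
}

/* Normal path: the waker removes the entry, so both versions leave it empty. */
static int entries_after_wake(int fixed)
{
    cond_var cv = { NULL };
    waiter w;
    if (cv_sleep(&cv, &w, cv_wake_one, fixed) != WAIT_OBJECT_0)
        return -1;
    return cv_waiter_count(&cv);
}

int main(void)
{
    printf("timeout, unpatched: %d stale waiter(s)\n", stale_entries_after_timeout(0));
    printf("timeout, patched:   %d stale waiter(s)\n", stale_entries_after_timeout(1));
    printf("wake, unpatched:    %d waiter(s) left\n", entries_after_wake(0));
    return 0;
}
```

The model keeps the waiter alive only so the leftover entry can be observed; the real failure is that the entry outlives the stack frame it points into, so the crash surfaces on a later wake rather than at the timeout itself, which is what makes it look random. Unlinking on the timeout path is the minimal change, and removing by pointer is safe to call unconditionally because a waiter that was already dequeued by a wake is simply not found.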