Set tube->ev_listen to NULL to prevent double unregister in winsock code path #774
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On windows when using threaded mode (i.e. `ub_ctx_async(ctx, 1)`) tube_remove_bg_listen gets called twice: once when the thread does its own cleanup, then again in `tube_delete()`. Because `ev_listen` doesn't get cleared, however, we end we calling ub_winsock_unregister_wsaevent with a freed pointer. This doesn't always manifest because, apparently, for various compilers and settings that memory *might* be overwritten in which case the additional check for ev->magic will prevent anything actually happening, but in my case under mingw32 that doesn't happen and we end up eventually crashing. This fixes the crash by properly NULLing the pointer so that the second ub_winsock_unregister_wsaevent(...) becomes a no-op.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On windows when using threaded mode (i.e.
ub_ctx_async(ctx, 1))tube_remove_bg_listengets called twice during aub_ctx_delete: once when the thread does its own cleanup, then again intube_delete(). Becauseev_listendoesn't get cleared, however, we end we callingub_winsock_unregister_wsaevent()with a freed pointer on the second call.This doesn't always manifest because, apparently, for various compilers and settings that memory might be overwritten in which case the additional check for ev->magic will prevent anything actually happening, but in my case under mingw32 that doesn't happen and we end up crashing (but frustratingly does get changed under gdb, which made this rather annoying to track down).
This fixes the crash by properly NULLing the pointer so that the second
ub_winsock_unregister_wsaevent(...)becomes a no-op.(Setting it to null also matches what the non-winsock version of the code does).