[Issue 14097] root/async.c: use after free
via Digitalmars-d-bugs
digitalmars-d-bugs at puremagic.com
Thu Feb 12 01:11:32 PST 2015
https://issues.dlang.org/show_bug.cgi?id=14097
--- Comment #5 from Ketmar Dark <ketmar at ketmar.no-ip.org> ---
it is possible.
1. executing WaitForSingleObject(f->event, INFINITE); in `dispose()`.
2. last `f->result = f->file->read();` fires event
3. time slice goes to `dispose()`, it finishes and frees `aw`.
4. time slice returns to `startthread` (we are still in loop, right after
`f->file->read()`).
5. `startthread` executes `i < aw->filesdim` in `for`… oops.
--
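The interleaving in comment #5, replayed deterministically in a single thread. This is an added example, not code from DMD's `root/async.c` or from the commenter. The struct layout, the helper names and the `freed` flag (which stands in for the real `free`) are assumptions, and caching the loop bound is shown as one possible mitigation, not as the project's fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model of the structures in the comment; layout is assumed. */
struct FileData { bool event_signaled; int result; };
struct AsyncRead {
    size_t filesdim;
    bool freed;                 /* set by dispose(); stands in for free(aw) */
    struct FileData files[3];
};

static int stale_reads;         /* reads of aw made after dispose() freed it */

static size_t read_filesdim(const struct AsyncRead *aw) {
    if (aw->freed) stale_reads++;   /* this is the use after free */
    return aw->filesdim;
}

/* Steps 1 and 3: dispose() was waiting on the last event, then frees aw. */
static void dispose_gets_time_slice(struct AsyncRead *aw) {
    if (!aw->freed && aw->files[aw->filesdim - 1].event_signaled)
        aw->freed = true;
}

/* Replays startthread's loop; returns how many times it read freed memory. */
int run_worker(bool cache_bound) {
    struct AsyncRead aw = { .filesdim = 3 };
    stale_reads = 0;
    size_t dim = aw.filesdim;   /* taken while aw is certainly alive */
    for (size_t i = 0; i < (cache_bound ? dim : read_filesdim(&aw)); i++) {
        struct FileData *f = &aw.files[i];
        f->result = 1;                  /* stands in for f->file->read() */
        f->event_signaled = true;       /* step 2: the event fires */
        dispose_gets_time_slice(&aw);   /* step 3: scheduler switches */
    }                                   /* steps 4-5: back to the loop test */
    return stale_reads;
}

int main(void) {
    printf("original loop: %d stale read(s)\n", run_worker(false));
    printf("cached bound:  %d stale read(s)\n", run_worker(true));
    return 0;
}
```

With the bound cached, the worker no longer touches `aw` after signalling the last event, so the order in which the two threads run stops mattering for that read.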