If breakpad is initialized / deinitialized from DllMain on process attach /
detach then BREAKPAD_NO_TERMINATE_THREAD causes a crash in the following
scenario:
1) ExceptionHandler::Initialize is called from DllMain under the loader lock.
2) CreateThread(..., ExceptionHandlerThreadMain, ...) is called but the handler
thread does not yet start since the loader lock is still held.
3) The DLL module's refcount hits 0 causing DllMain to be called with
DLL_PROCESS_DETACH, again before the handler thread starts running.
4) in ExceptionHandler::~ExceptionHandler,
WaitForSingleObject(handler_thread_,...) is called but this will always time
out (the handler thread still can't be started since we are again under the
loader lock)
5) DllMain returns, the module unloads
6) The handler thread starts up and calls into the unloaded module.
This crash was observed in Chrome's setup.exe while registering a DLL that uses
breakpad (npchrome_frame.dll).
I recommend updating the comment in exception_handler.cc to state
"do NOT use BREAKPAD_NO_TERMINATE_THREAD if calling ~ExceptionHandler from
under the loader lock".
Original issue reported on code.google.com by robertsh...@chromium.org on 4 Jan 2011 at 9:29
Original issue reported on code.google.com by
robertsh...@chromium.orgon 4 Jan 2011 at 9:29