wyoojune / google-breakpad

Automatically exported from code.google.com/p/google-breakpad
0 stars 0 forks source link

ClientInfo::UnregisterWaits checks the return code of UnregisterWait incorrectly, leading to a crash #384

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Multi-process crash reporting in Firefox:

If you shut down while a process is trying to hook up crash reporting, we
end up in CrashGenerationServer::CrashGenerationServer which calls
ClientInfo::UnregisterWaits.

In UnregisterWaits calls UnregisterWait (Windows API), and checks the
return value. But there is a trick of the return value of UnregisterWait:
http://msdn.microsoft.com/en-us/library/ms686870%28VS.85%29.aspx says that
if there is a callback pending on the handle, the function will unregister
the wait, return FALSE and GetLastError will have ERROR_IO_PENDING.

This means that the ClientInfo ends up with a invalid handle. When we get
to ClientInfo::~ClientInfo we try to UnregisterWaitEx again, which crashes
with an INVALID_PARAMETER exception.

Original issue reported on code.google.com by bsmedb...@gmail.com on 5 May 2010 at 7:25

GoogleCodeExporter commented 9 years ago
Fixed in r603

Original comment by ted.mielczarek on 19 May 2010 at 1:41