Opened 10 years ago
Closed 10 years ago
#5590 closed defect (fixed)
CPLSetThreadLocalConfigOption causes crash upon thread termination in 32bit
Reported by: | cleo | Owned by: | warmerdam |
---|---|---|---|
Priority: | normal | Milestone: | 1.11.1 |
Component: | default | Version: | 1.10.1 |
Severity: | critical | Keywords: | |
Cc: | | | |
Description (last modified by )
In 32-bit mode, when compiling with STDCALL=YES in nmake.opt, the CPLSetThreadLocalConfigOption() function in port/cpl_conv.cpp sets a deletion callback with CPLSetTLSWithFreeFunc() by passing in a pointer to CSLDestroy. CSLDestroy was changed to STDCALL in 2005, but CPLSetTLSWithFreeFunc() only takes callbacks that are non-STDCALL. So when this callback is run, the stack is out of sync by 4 bytes because the callee removes the argument and so does the caller (resulting in one too many removals of the argument from the stack), and the thread promptly crashes upon return since the return address used is bogus.
This bug has caused us a significant amount of headaches and appears to have been there for quite a while.
I can provide a patch if need be, but basically, the fix is simply to call CPLSetTLSWithFreeFunc() with a non-stdcall wrapper function for CSLDestroy().
Someone familiar with this code should audit those callbacks. In 64-bit, there is only one calling convention, so there were no problems there.
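As an added illustration of the fix the reporter describes (this is not GDAL's own code): register a plain-convention wrapper instead of the stdcall function itself. CSLDestroy_demo, SetTLSWithFreeFunc_demo and the one-slot TLS struct are stand-ins for the GDAL functions named above, and the __stdcall attribute only takes effect on 32-bit MSVC builds; everywhere else the code compiles with a single calling convention, which is why the pattern is invisible on 64-bit.

```c
#include <stdlib.h>
#include <string.h>
/* __stdcall on 32-bit MSVC (what the ticket says CSLDestroy uses); empty elsewhere. */
#if defined(_WIN32) && !defined(_WIN64)
#  define STDCALL_CC __stdcall
#else
#  define STDCALL_CC
#endif

/* The callback type the TLS layer expects: plain C calling convention. */
typedef void (*TLSFreeFunc)(void *);
static int g_destroy_calls = 0;

/* Stand-in for CSLDestroy: frees a NULL-terminated list of strings. */
void STDCALL_CC CSLDestroy_demo(char **papszList)
{
    if (papszList == NULL) return;
    for (char **p = papszList; *p != NULL; ++p) free(*p);
    free(papszList);
    g_destroy_calls++;
}

/* The ticket's fix: a non-stdcall wrapper whose signature matches TLSFreeFunc,
 * so the wrapper (never CSLDestroy itself) is what gets registered. */
static void CSLDestroy_TLSWrapper(void *pData) { CSLDestroy_demo((char **)pData); }

/* Minimal stand-in for one TLS slot plus its free function. */
static struct { void *data; TLSFreeFunc freeFn; } g_slot;
void SetTLSWithFreeFunc_demo(void *pData, TLSFreeFunc fn) { g_slot.data = pData; g_slot.freeFn = fn; }

/* What the runtime does at thread exit: call through the cdecl pointer type.
 * Returns the destructor run count so a caller can verify the cleanup ran. */
int RunThreadExitCleanup_demo(void)
{
    if (g_slot.freeFn != NULL) g_slot.freeFn(g_slot.data);
    g_slot.data = NULL; g_slot.freeFn = NULL;
    return g_destroy_calls;
}

/* Constructed two-entry list registered via the wrapper, then a simulated thread exit; returns 1. */
int Demo(void)
{
    char **list = calloc(3, sizeof(char *));       /* NULL-terminated */
    list[0] = malloc(16); strcpy(list[0], "GDAL_CACHEMAX");
    list[1] = malloc(16); strcpy(list[1], "256");
    g_destroy_calls = 0;
    SetTLSWithFreeFunc_demo(list, CSLDestroy_TLSWrapper);
    return RunThreadExitCleanup_demo();
}
```

A second cleanup pass after the slot has been cleared must not run the destructor again, which is the other property worth checking in such a TLS layer.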
Change History (3)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
Description: | modified |
---|---|
Severity: | normal → critical |
Version: | unspecified → 1.10.1 |
comment:3 by , 10 years ago
Milestone: | → 1.11.1 |
---|---|
Resolution: | → fixed |
Status: | new → closed |
correction: I meant to say both the caller and *callee* attempt to remove the same argument from the stack.