It looks like DestroyWindow has a severe (potential?) problem. There are some
situations when the memory occupied by the WND structure is released earlier than
expected. It happens when the window to be destroyed has any owned windows.

The problem place is the very end of DestroyWindow:
windows/win.c: line 1417:
----
      /* Unlink now so we won't bother with the children later on */

    if( wndPtr->parent ) WIN_UnlinkWindow(hwnd);

      /* Destroy the window storage */

    WIN_ReleaseWndPtr(WIN_DestroyWindow( wndPtr ));
    retvalue = TRUE;
end:
    WIN_ReleaseWndPtr(wndPtr);
    return retvalue;
}
---
The unlinked wndPtr still keeps a pointer to the next window.
WIN_DestroyWindow is supposed to clean up the window data and return a locked
pointer to the next window. So we call WIN_ReleaseWndPtr to unlock it.

Several lines above this point DestroyWindow calls itself to destroy owned
windows. Sometimes an owned window can have its owner as the next window in the
chain. So it goes to the WIN_Release(WIN_Destroy) place. I can't figure out where
we skipped the lock increment, but WIN_Release receives wndPtr with
irefCount == 1 so it frees the memory used by the window.

A possible solution is to zero the next ptr in UnlinkWindow as follows:
----
Index: win.c
===================================================================
RCS file: /home/cvs/r/corelwine/windows/win.c,v
retrieving revision 1.92
diff -u -r1.18 win.c
--- win.c 2000/06/08 01:01:09 1.92
+++ win.c 2000/06/08 19:46:31
@@ -320,6 +320,7 @@
     if (*ppWnd)
     {
         *ppWnd = wndPtr->next;
+        wndPtr->next = NULL;
         ret = TRUE;
     }
     WIN_ReleaseWndPtr(wndPtr);
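Review bot: The added `wndPtr->next = NULL;` changes WIN_UnlinkWindow for every caller, not only DestroyWindow, so any caller that reads `wndPtr->next` after unlinking would now get NULL; those callers need auditing, or the assignment should be made locally in DestroyWindow right after the unlink. The new line also carries no comment saying that it exists to stop WIN_DestroyWindow from handing back a stale next pointer, and it leaves the unbalanced lock count itself unexplained. Separately, the header lines disagree on the base revision (`retrieving revision 1.92` versus `diff -u -r1.18`), which should be sorted out before this is applied.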
----
Or we can do it locally in DestroyWindow right after the UnlinkWindow call.

Any comments?

--
Serge Ivanov
[EMAIL PROTECTED]
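
A toy model of the sequence described in the message above, added here as an illustration; it is not Wine code and not part of the original post. The `Wnd` struct and every function name are hypothetical, and `destroy_storage` handing back the next pointer without an extra reference is an assumption standing in for the lock increment the post says it could not locate.

```c
#include <stdio.h>

/* Toy stand-in for a WND: only the fields the post talks about. */
typedef struct Wnd {
    struct Wnd *next;   /* sibling chain */
    int refcount;       /* models irefCount */
    int freed;          /* set instead of calling free(), so the model stays inspectable */
} Wnd;

static Wnd *lock_wnd(Wnd *w) { if (w) w->refcount++; return w; }

static void release_wnd(Wnd *w)
{
    if (w && --w->refcount == 0) w->freed = 1;  /* real code would free the WND here */
}

/* Unlink w from the chain at *head; clear_next selects the proposed fix. */
static void unlink_wnd(Wnd **head, Wnd *w, int clear_next)
{
    Wnd **pp = head;
    while (*pp && *pp != w) pp = &(*pp)->next;
    if (*pp) {
        *pp = w->next;
        if (clear_next) w->next = NULL;
    }
}

/* ASSUMPTION: returns w->next with no extra reference (the unlocated missing lock). */
static Wnd *destroy_storage(Wnd *w) { return w->next; }

/* Nested destroy of an owned window whose next is its owner.
   Returns 1 if the owner is freed while the outer call still holds it. */
static int owner_freed_early(int clear_next)
{
    Wnd owner = { NULL, 0, 0 };
    Wnd owned = { &owner, 0, 0 };
    Wnd *head = &owned;
    lock_wnd(&owner);                      /* outer DestroyWindow(owner) holds wndPtr */
    lock_wnd(&owned);                      /* nested DestroyWindow(owned) holds wndPtr */
    unlink_wnd(&head, &owned, clear_next);
    release_wnd(destroy_storage(&owned));  /* the release at the end of DestroyWindow */
    release_wnd(&owned);
    return owner.freed;                    /* outer frame has not released its lock yet */
}

int main(void)
{
    printf("stale next:   owner freed early = %d\n", owner_freed_early(0));
    printf("next cleared: owner freed early = %d\n", owner_freed_early(1));
    return 0;
}
```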

