Details
- Bug
- Resolution: Out of scope
- P1: Critical
- None
- 5.1.1
- None
- Win32, VS2012
Description
Infinite loop in the IEnumConnections enumerator if another instance of the enumerator calls its Reset method. Two independent instances of the connection enumerator are created by calling the EnumConnections method. Resetting one enumerator while iterating the other causes an infinite loop.
void invalidBehavior1( IQTCrashPtr qtObject, TestSinkPtr sink )
{
    IConnectionPointPtr connectionPoint;
    IConnectionPointContainerPtr( qtObject )->FindConnectionPoint( __uuidof( IQTCrashEvents ), &connectionPoint );

    DWORD cookie;
    connectionPoint->Advise( sink, &cookie ); // first connection

    IEnumConnectionsPtr connections1;
    connectionPoint->EnumConnections( &connections1 );
    connections1->Reset(); // calling ->Next will crash without this

    IEnumConnectionsPtr connections2;
    connectionPoint->EnumConnections( &connections2 );
    connections2->Reset(); // calling ->Next will crash without this

    DWORD fetched;
    CONNECTDATA cd = { 0, 0 };
    while( connections1->Next( 1, &cd, &fetched ) == S_OK ) // infinite loop here
    {
        if( cd.pUnk )
            cd.pUnk->Release();
        connections2->Reset(); // resets both iterators states
    }

    connectionPoint->Unadvise( cookie );
}
An example project that demonstrates the crash is attached.
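
The behaviour reported above, as an added portable model that is not code from the report or from Qt: it assumes the cause is an iteration cursor shared by all enumerator instances, as the "resets both iterators states" comment suggests, and contrasts it with a per-instance cursor. All type and function names are hypothetical, and the iteration cap exists only so the hang can be observed safely.

```cpp
#include <cstddef>
#include <vector>

// Stand-in for a connection point: one cookie per Advise() call.
struct ConnectionPoint {
    std::vector<unsigned long> cookies;
    std::size_t sharedCursor = 0;  // assumed defect: one cursor for every enumerator
};

// Minimal enumerator interface mirroring Next(1, ...) and Reset().
struct Enumerator {
    virtual ~Enumerator() = default;
    virtual bool next(unsigned long& out) = 0;  // true plays the role of S_OK
    virtual void reset() = 0;
};

// Defective shape: the position lives in the connection point, so instances alias it.
struct SharedStateEnum : Enumerator {
    ConnectionPoint& cp;
    explicit SharedStateEnum(ConnectionPoint& c) : cp(c) {}
    bool next(unsigned long& out) override {
        if (cp.sharedCursor >= cp.cookies.size()) return false;
        out = cp.cookies[cp.sharedCursor++];
        return true;
    }
    void reset() override { cp.sharedCursor = 0; }
};

// Corrected shape: each enumerator owns a snapshot and its own position.
struct IndependentEnum : Enumerator {
    std::vector<unsigned long> snapshot;
    std::size_t cursor = 0;
    explicit IndependentEnum(const ConnectionPoint& c) : snapshot(c.cookies) {}
    bool next(unsigned long& out) override {
        if (cursor >= snapshot.size()) return false;
        out = snapshot[cursor++];
        return true;
    }
    void reset() override { cursor = 0; }
};

// The report's loop: iterate e1 and reset e2 on every pass.
// Returns the number of passes, or -1 when the cap is hit (loop would not end).
int iterateWhileResettingOther(Enumerator& e1, Enumerator& e2, int cap = 1000) {
    unsigned long cookie = 0;
    int passes = 0;
    while (e1.next(cookie)) {
        if (++passes >= cap) return -1;
        e2.reset();
    }
    return passes;
}
```

With one advised connection, the shared-cursor pair hits the cap while the independent pair finishes after a single pass.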