https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e3a706627984622c381ba…
commit e3a706627984622c381ba8239d4fafe8e41b9ba5
Author: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
AuthorDate: Wed Apr 15 14:07:25 2020 +0200
Commit: Hermès Bélusca-Maïto <hermes.belusca-maito(a)reactos.org>
CommitDate: Wed Apr 15 14:14:06 2020 +0200
[CSRSRV] CsrCaptureArguments(): Tell the compiler the contents ClientCaptureBuffer
points to has a volatile character.
See
https://docs.microsoft.com/fr-fr/archive/blogs/itgoestoeleven/why-your-user…
for more details.
Since the contents of ClientCaptureBuffer is in the shared memory, the
client could modify it while it is being probed and captured, and so we
have to avoid any potential compiler optimizations regarding the
captured "Length = ClientCaptureBuffer->Size" and
"PointerCount = ClientCaptureBuffer->PointerCount" values.
---
subsystems/win32/csrsrv/api.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/subsystems/win32/csrsrv/api.c b/subsystems/win32/csrsrv/api.c
index 8561ee13943..9120794b16e 100644
--- a/subsystems/win32/csrsrv/api.c
+++ b/subsystems/win32/csrsrv/api.c
@@ -848,7 +848,6 @@ CsrApiRequestThread(IN PVOID Parameter)
/* Reply back to the API port now */
ReplyMsg = NULL;
ReplyPort = CsrApiPort;
-
CsrDereferenceThread(CsrThread);
}
else if (ReplyCode == CsrReplyPending)
@@ -1121,7 +1120,8 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
IN PCSR_API_MESSAGE ApiMessage)
{
PCSR_PROCESS CsrProcess = CsrThread->Process;
- PCSR_CAPTURE_BUFFER ClientCaptureBuffer, ServerCaptureBuffer = NULL;
+ volatile CSR_CAPTURE_BUFFER* ClientCaptureBuffer;
+ PCSR_CAPTURE_BUFFER ServerCaptureBuffer = NULL;
ULONG_PTR EndOfClientBuffer;
SIZE_T SizeOfBufferThroughOffsetsArray;
SIZE_T BufferDistance;