Author: tfaber Date: Sat Apr 15 17:39:49 2017 New Revision: 74318
URL: http://svn.reactos.org/svn/reactos?rev=74318&view=rev Log: [RTL] - In Wait_thread_proc, prioritize the cancel event over the wait object. This avoids executing the callback again after RtlDeregisterWait has been called. Fixes ThemeStartCallback being called twice, causing a double free. CORE-13074 #resolve
Modified: trunk/reactos/sdk/lib/rtl/wait.c
Modified: trunk/reactos/sdk/lib/rtl/wait.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/rtl/wait.c?rev=7431... ============================================================================== --- trunk/reactos/sdk/lib/rtl/wait.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/rtl/wait.c [iso-8859-1] Sat Apr 15 17:39:49 2017 @@ -45,7 +45,7 @@ PRTLP_WAIT Wait = (PRTLP_WAIT) Arg; NTSTATUS Status; BOOLEAN alertable = (Wait->Flags & WT_EXECUTEINIOTHREAD) != 0; - HANDLE handles[2] = { Wait->Object, Wait->CancelEvent }; + HANDLE handles[2] = { Wait->CancelEvent, Wait->Object }; LARGE_INTEGER timeout; HANDLE completion_event;
@@ -59,11 +59,11 @@ alertable, get_nt_timeout( &timeout, Wait->Milliseconds ) );
- if (Status == STATUS_WAIT_0 || Status == STATUS_TIMEOUT) + if (Status == STATUS_WAIT_1 || Status == STATUS_TIMEOUT) { BOOLEAN TimerOrWaitFired;
- if (Status == STATUS_WAIT_0) + if (Status == STATUS_WAIT_1) { // TRACE( "object %p signaled, calling callback %p with context %p\n", // Wait->Object, Wait->Callback,