[ros-diffs] [tfaber] 74318: [RTL] - In Wait_thread_proc, prioritize the cancel event over the wait object. This avoids executing the callback again after RtlDeregisterWait has been called. Fixes ThemeStartCall...

Author: tfaber Date: Sat Apr 15 17:39:49 2017 New Revision: 74318 URL: http://svn.reactos.org/svn/reactos?rev=74318&view=rev Log: [RTL] - In Wait_thread_proc, prioritize the cancel event over the wait object. This avoids executing the callback again after RtlDeregisterWait has been called. Fixes ThemeStartCallback being called twice, causing a double free. CORE-13074 #resolve Modified: trunk/reactos/sdk/lib/rtl/wait.c Modified: trunk/reactos/sdk/lib/rtl/wait.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/rtl/wait.c?rev=743… ============================================================================== --- trunk/reactos/sdk/lib/rtl/wait.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/rtl/wait.c [iso-8859-1] Sat Apr 15 17:39:49 2017 @@ -45,7 +45,7 @@ PRTLP_WAIT Wait = (PRTLP_WAIT) Arg; NTSTATUS Status; BOOLEAN alertable = (Wait->Flags & WT_EXECUTEINIOTHREAD) != 0; - HANDLE handles[2] = { Wait->Object, Wait->CancelEvent }; + HANDLE handles[2] = { Wait->CancelEvent, Wait->Object }; LARGE_INTEGER timeout; HANDLE completion_event; @@ -59,11 +59,11 @@ alertable, get_nt_timeout( &timeout, Wait->Milliseconds ) ); - if (Status == STATUS_WAIT_0 || Status == STATUS_TIMEOUT) + if (Status == STATUS_WAIT_1 || Status == STATUS_TIMEOUT) { BOOLEAN TimerOrWaitFired; - if (Status == STATUS_WAIT_0) + if (Status == STATUS_WAIT_1) { // TRACE( "object %p signaled, calling callback %p with context %p\n", // Wait->Object, Wait->Callback,