Author: jgardou
Date: Fri Oct 24 11:34:55 2014
New Revision: 64954
URL:
http://svn.reactos.org/svn/reactos?rev=64954&view=rev
Log:
[WIN32K]
- Do not dereference hook objects when it's not needed.
- Avoid use after free.
CORE-8698 #resolve
Modified:
trunk/reactos/win32ss/user/ntuser/hook.c
Modified: trunk/reactos/win32ss/user/ntuser/hook.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/hook.c…
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/hook.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/hook.c [iso-8859-1] Fri Oct 24 11:34:55 2014
@@ -1294,12 +1294,14 @@
{
Hook = CONTAINING_RECORD(pElement, HOOK, Chain);
+ /* Get the next element now, we might free the hook in what follows */
+ pElement = Hook->Chain.Flink;
+
if (Hook->Proc == pfnFilterProc)
{
if (Hook->head.pti == pti)
{
IntRemoveHook(Hook);
- UserDereferenceObject(Hook);
return TRUE;
}
else
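Review bot: Nothing at the `IntRemoveHook(Hook);` call records why the `UserDereferenceObject(Hook)` that used to follow it was dropped, so a later maintainer could restore it and reintroduce the over-release this commit fixes. I would add a comment on that line such as `/* IntRemoveHook drops the hook's reference; Hook must not be touched or dereferenced after this call */`, assuming that is what IntRemoveHook does, which is not visible in this hunk. The new `pElement = Hook->Chain.Flink;` taken before the checks only protects against the current hook being freed. If the else branch that lies between the two hunks can unlink other entries of the same chain, the saved pointer could itself be stale, so that path is worth confirming. The loop and the enclosing function begin outside the hunk.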
@@ -1308,8 +1310,6 @@
return FALSE;
}
}
-
- pElement = Hook->Chain.Flink;
}
}
return FALSE;