Author: jimtabor Date: Fri Nov 6 09:37:30 2015 New Revision: 69818
URL: http://svn.reactos.org/svn/reactos?rev=69818&view=rev Log: [Win32k] - Fix use after free crash in send messages timeout tests. See CORE-10482 - Dedicated to Thomas Faber.
Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.c
Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgqueu... ============================================================================== --- trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] Fri Nov 6 09:37:30 2015 @@ -778,7 +778,7 @@ KeInitializeEvent(Message->pkCompletionEvent, NotificationEvent, FALSE); } SendMsgCount++; - //ERR("AUM pti %p msg %p\n",PsGetCurrentThreadWin32Thread(),Message); + TRACE("AUM pti %p msg %p\n",PsGetCurrentThreadWin32Thread(),Message); return Message; }
@@ -2226,6 +2226,12 @@ else if ( pti == CurrentSentMessage->ptiSender || pti == CurrentSentMessage->ptiCallBackSender ) { + // Determine whether this message is being processed or not. + if ((CurrentSentMessage->flags & (SMF_RECEIVERBUSY|SMF_RECEIVEDMESSAGE)) != SMF_RECEIVEDMESSAGE) + { + CurrentSentMessage->flags |= SMF_RECEIVERFREE; + } + if (!(CurrentSentMessage->flags & SMF_RECEIVERFREE)) {