Author: pschweitzer Date: Sat Oct 10 12:08:45 2015 New Revision: 69480
URL: http://svn.reactos.org/svn/reactos?rev=69480&view=rev Log: [MSFS] Prevent a race condition on reading message from list. Spotted by Thomas
Modified: trunk/reactos/drivers/filesystems/msfs/rw.c
Modified: trunk/reactos/drivers/filesystems/msfs/rw.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/msfs/rw... ============================================================================== --- trunk/reactos/drivers/filesystems/msfs/rw.c [iso-8859-1] (original) +++ trunk/reactos/drivers/filesystems/msfs/rw.c [iso-8859-1] Sat Oct 10 12:08:45 2015 @@ -33,6 +33,7 @@ PKTIMER Timer; PMSFS_DPC_CTX Context; PKDPC Dpc; + PLIST_ENTRY Entry;
DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);
@@ -63,17 +64,14 @@
if (Fcb->MessageCount > 0) { + KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql); + Entry = RemoveHeadList(&Fcb->MessageListHead); + KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql); + /* copy current message into buffer */ - Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink, - MSFS_MESSAGE, - MessageListEntry); - + Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry); memcpy(Buffer, &Message->Buffer, min(Message->Size,Length)); LengthRead = Message->Size; - - KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql); - RemoveHeadList(&Fcb->MessageListHead); - KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
ExFreePoolWithTag(Message, 'rFsM'); Fcb->MessageCount--;