10 Oct
2015
10 Oct
'15
12:08 p.m.
Author: pschweitzer
Date: Sat Oct 10 12:08:45 2015
New Revision: 69480
URL: http://svn.reactos.org/svn/reactos?rev=69480&view=rev
Log:
[MSFS]
Prevent a race condition on reading message from list.
Spotted by Thomas
Modified:
trunk/reactos/drivers/filesystems/msfs/rw.c
Modified: trunk/reactos/drivers/filesystems/msfs/rw.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/filesystems/msfs/r…
==============================================================================
--- trunk/reactos/drivers/filesystems/msfs/rw.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/filesystems/msfs/rw.c [iso-8859-1] Sat Oct 10 12:08:45 2015
@@ -33,6 +33,7 @@
PKTIMER Timer;
PMSFS_DPC_CTX Context;
PKDPC Dpc;
+ PLIST_ENTRY Entry;
DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);
@@ -63,17 +64,14 @@
if (Fcb->MessageCount > 0)
{
+ KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
+ Entry = RemoveHeadList(&Fcb->MessageListHead);
+ KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
+
/* copy current message into buffer */
- Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink,
- MSFS_MESSAGE,
- MessageListEntry);
-
+ Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry);
memcpy(Buffer, &Message->Buffer, min(Message->Size,Length));
LengthRead = Message->Size;
-
- KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
- RemoveHeadList(&Fcb->MessageListHead);
- KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
ExFreePoolWithTag(Message, 'rFsM');
Fcb->MessageCount--;