Commit in reactos/subsys/win32k/ntuser on MAIN
msgqueue.c+17-191.108 -> 1.109
Fixed a bug that caused a message queue that no longer existed to be locked while dispatching a message. Thanks to Royce for helping me :)

reactos/subsys/win32k/ntuser
msgqueue.c 1.108 -> 1.109
diff -u -r1.108 -r1.109
--- msgqueue.c	20 Nov 2004 16:46:06 -0000	1.108
+++ msgqueue.c	10 Dec 2004 22:40:29 -0000	1.109
@@ -16,7 +16,7 @@
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  */
-/* $Id: msgqueue.c,v 1.108 2004/11/20 16:46:06 weiden Exp $
+/* $Id: msgqueue.c,v 1.109 2004/12/10 22:40:29 weiden Exp $
  *
  * COPYRIGHT:        See COPYING in the top level directory
  * PROJECT:          ReactOS kernel
@@ -719,7 +719,7 @@
   PUSER_SENT_MESSAGE Message;
   PLIST_ENTRY Entry;
   LRESULT Result;
-  BOOL Freed;
+  BOOL SenderReturned;
   PUSER_SENT_MESSAGE_NOTIFY NotifyMessage;
 
   IntLockMessageQueue(MessageQueue);
@@ -755,8 +755,8 @@
   /* remove the message from the dispatching list, so lock the sender's message queue */
   IntLockMessageQueue(Message->SenderQueue);
   
-  Freed = (Message->DispatchingListEntry.Flink == NULL);
-  if(!Freed)
+  SenderReturned = (Message->DispatchingListEntry.Flink == NULL);
+  if(!SenderReturned)
   {
     /* only remove it from the dispatching list if not already removed by a timeout */
     RemoveEntryList(&Message->DispatchingListEntry);
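Review bot: The timeout check at the top of this hunk, `SenderReturned = (Message->DispatchingListEntry.Flink == NULL);`, is now the only thing that keeps the receiver from unlinking a message a second time, yet the timeout paths in the -919 and -978 hunks only call `RemoveEntryList(&Message->DispatchingListEntry)` and nothing visible there sets Flink to NULL afterwards. Unless RemoveEntryList in this tree clears the links (the usual NT definition leaves them pointing at the old neighbours), a timed-out message would look un-returned here and `RemoveEntryList` would run on a stale entry. If the links are cleared somewhere outside these hunks, a comment at the assignment such as `/* the timeout path nulls Flink after unlinking the entry */` would make that contract explicit; otherwise the timeout paths need to null Flink themselves. The enclosing function starts before this hunk.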
@@ -780,7 +780,7 @@
   IntUnLockMessageQueue(Message->SenderQueue);
 
   /* Notify the sender if they specified a callback. */
-  if (!Freed && Message->CompletionCallback != NULL)
+  if (!SenderReturned && Message->CompletionCallback != NULL)
     {
       if(!(NotifyMessage = ExAllocatePoolWithTag(NonPagedPool,
 					         sizeof(USER_SENT_MESSAGE_NOTIFY), TAG_USRMSG)))
@@ -799,14 +799,12 @@
     }
 
 Notified:
-  if(!Freed)
-  {
-    /* only dereference our message queue if the message has not been timed out */
-    IntDereferenceMessageQueue(MessageQueue);
-    IntDereferenceMessageQueue(Message->SenderQueue);
-  }
+
+  /* dereference both sender and our queue */
+  IntDereferenceMessageQueue(MessageQueue);
+  IntDereferenceMessageQueue(Message->SenderQueue);
   
-  /* only free the message if not freed already */
+  /* free the message */
   ExFreePool(Message);
   return(TRUE);
 }
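Review bot: The new comment `/* dereference both sender and our queue */` says what the two calls do but not why they are now unconditional, which is the substance of this commit: the timeout paths in the -919, -978 and -1196 hunks no longer drop their references, so this is the single release point for both queues. A comment such as `/* the receiver owns both queue references until the message is freed; the timeout paths only unlink, they never dereference */` would keep the next maintainer from re-adding a dereference on the sender side. `Message->SenderQueue` is also read here after the sender queue was unlocked earlier in the function, which is sound only because the reference released on this line is what keeps that queue alive, so these two calls must stay ahead of `ExFreePool(Message)`. The enclosing function starts before this hunk.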
@@ -919,8 +917,6 @@
 		Message->CompletionEvent = NULL;
                 Message->Result = NULL;
                 RemoveEntryList(&Message->DispatchingListEntry);
-                IntDereferenceMessageQueue(MessageQueue);
-                IntDereferenceMessageQueue(ThreadQueue);
                 break;
               }
             Entry = Entry->Flink;
@@ -978,8 +974,6 @@
 		    Message->CompletionEvent = NULL;
                     Message->Result = NULL;
                     RemoveEntryList(&Message->DispatchingListEntry);
-                    IntDereferenceMessageQueue(MessageQueue);
-                    IntDereferenceMessageQueue(ThreadQueue);
                     break;
                   }
                 Entry = Entry->Flink;
@@ -1158,8 +1152,9 @@
         KeSetEvent(CurrentSentMessage->CompletionEvent, IO_NO_INCREMENT, FALSE);
       }
       
-      /* dereference our message queue */
+      /* dereference our and the sender's message queue */
       IntDereferenceMessageQueue(MessageQueue);
+      IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
       
       /* free the message */
       ExFreePool(CurrentSentMessage);
@@ -1181,8 +1176,9 @@
         KeSetEvent(CurrentSentMessage->CompletionEvent, IO_NO_INCREMENT, FALSE);
       }
       
-      /* dereference our message queue */
+      /* dereference our and the sender's message queue */
       IntDereferenceMessageQueue(MessageQueue);
+      IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
       
       /* free the message */
       ExFreePool(CurrentSentMessage);
@@ -1196,7 +1192,9 @@
                                              DispatchingListEntry);
       CurrentSentMessage->CompletionEvent = NULL;
       CurrentSentMessage->Result = NULL;
-      IntDereferenceMessageQueue(MessageQueue);
+
+      /* do NOT dereference our message queue as it might get attempted to be
+         locked later */
     }
   
   IntUnLockMessageQueue(MessageQueue);
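Review bot: The replacement comment `do NOT dereference our message queue as it might get attempted to be locked later` describes the symptom rather than the rule, and unlike the other paths touched by this commit it does not say who releases the reference instead. The receiver still takes this queue's lock as `Message->SenderQueue` when it finishes dispatching (the -755 hunk) and releases the reference there (the -799 hunk), so rewording to `/* do not dereference MessageQueue here: the receiving thread still locks it as Message->SenderQueue and releases the reference after dispatch */` states the ownership explicitly. Within the visible lines this branch also leaves the entry linked in the dispatching list, unlike the -919 and -978 hunks; if that is intentional because the list owner is being torn down, a one-line comment saying so would help. The enclosing function starts before this hunk.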