Author: tfaber Date: Mon May 25 15:28:06 2015 New Revision: 67907
URL: http://svn.reactos.org/svn/reactos?rev=67907&view=rev Log: [WIN32K:NTUSER] - Use UserRefObjectCo in IntNotifyWinEvent to avoid a reference leak in case the call-out does not return - Sanitize list walk
Modified: trunk/reactos/win32ss/user/ntuser/event.c
Modified: trunk/reactos/win32ss/user/ntuser/event.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/event.c...
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/event.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/event.c [iso-8859-1] Mon May 25 15:28:06 2015
@@ -184,8 +184,9 @@
 DWORD flags)
 {
 PEVENTHOOK pEH;
- PLIST_ENTRY pLE;
+ PLIST_ENTRY ListEntry;
 PTHREADINFO pti, ptiCurrent;
+ USER_REFERENCE_ENTRY Ref;
TRACE("IntNotifyWinEvent GlobalEvents = %p pWnd %p\n", GlobalEvents, pWnd);
@@ -200,12 +201,13 @@
 else pti = ptiCurrent;
- pLE = GlobalEvents->Events.Flink;
- pEH = CONTAINING_RECORD(pLE, EVENTHOOK, Chain);
- do
- {
- if (!pEH) break;
- UserReferenceObject(pEH);
+ ListEntry = GlobalEvents->Events.Flink;
+ ASSERT(ListEntry != &GlobalEvents->Events);
+ while (ListEntry != &GlobalEvents->Events)
+ {
+ pEH = CONTAINING_RECORD(ListEntry, EVENTHOOK, Chain);
+ ListEntry = ListEntry->Flink;
+ // Must be inside the event window.
 if ( Event >= pEH->eventMin && Event <= pEH->eventMax )
 {
@@ -217,6 +219,7 @@
 (pEH->Flags & WINEVENT_SKIPOWNTHREAD && pEH->head.pti == pti) || pEH->head.pti->rpdesk != ptiCurrent->rpdesk ) ) // Same as hooks.
 {
+ UserRefObjectCo(pEH, &Ref);
 if (pEH->Flags & WINEVENT_INCONTEXT)
 {
 TRACE("In Event 0x%x, idObject %d hwnd %p\n", Event, idObject, pWnd ? UserHMGetHandle(pWnd) : NULL);
@@ -241,12 +244,10 @@
 idChild, PtrToUint(NtCurrentTeb()->ClientId.UniqueThread));
 }
+ UserDerefObjectCo(pEH);
 }
 }
- UserDereferenceObject(pEH);
- pLE = pEH->Chain.Flink;
- pEH = CONTAINING_RECORD(pLE, EVENTHOOK, Chain);
- } while (pLE != &GlobalEvents->Events);
+ }
 }
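Review bot: `ListEntry = ListEntry->Flink;` saves the successor before the current hook is processed, but nothing in this hunk keeps that successor alive or linked. If the call-out made later in the loop body can release the user lock (that code is outside the hunk, so this is inferred), the saved entry could be unlinked and freed in the meantime, and the next iteration would apply `CONTAINING_RECORD` to a stale pointer. Either re-validate the saved link after the call-out or add a comment above the assignment stating why the list cannot change there. Separately, `ASSERT(ListEntry != &GlobalEvents->Events);` holds only if a check outside the hunk guarantees a non-empty list; the `while` condition already handles the empty case, so the assertion could be dropped or explained.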
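Review bot: `UserRefObjectCo(pEH, &Ref);` has no comment saying why the call-out variant is used, and the reason exists only in the commit log. A line above it such as `/* Co variant: the reference must not leak if the call-out does not return */` would keep a later cleanup from reverting to `UserReferenceObject`. The matching `UserDerefObjectCo(pEH);` is in the `@@ -241,12 +244,10 @@` hunk, and the code between the two calls is outside both hunks. It is worth confirming that no `break`, `continue` or `return` in that stretch skips the dereference.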
VOID