Author: gadamopoulos Date: Sun Feb 19 22:05:25 2012 New Revision: 55724
URL: http://svn.reactos.org/svn/reactos?rev=55724&view=rev
Log: [ntoskrnl] - Fix a crash in KiSystemCall that was caused because PsConvertToGuiThread may have switched to a large kernel stack, but still returned with failure because win32k did not succeed. To fix it, reload the trap frame after the call before checking for success.
Modified: trunk/reactos/ntoskrnl/ke/i386/traphdlr.c
Modified: trunk/reactos/ntoskrnl/ke/i386/traphdlr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ke/i386/traphdlr.c... ============================================================================== --- trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ke/i386/traphdlr.c [iso-8859-1] Sun Feb 19 22:05:25 2012 @@ -1556,17 +1556,18 @@
/* Convert us to a GUI thread -- must wrap in ASM to get new EBP */ Result = KiConvertToGuiThread(); + + /* Reload trap frame and descriptor table pointer from new stack */ + TrapFrame = *(volatile PVOID*)&Thread->TrapFrame; + DescriptorTable = (PVOID)(*(volatile ULONG_PTR*)&Thread->ServiceTable + Offset); + if (!NT_SUCCESS(Result)) { /* Set the last error and fail */ //SetLastWin32Error(RtlNtStatusToDosError(Result)); goto ExitCall; } - - /* Reload trap frame and descriptor table pointer from new stack */ - TrapFrame = *(volatile PVOID*)&Thread->TrapFrame; - DescriptorTable = (PVOID)(*(volatile ULONG_PTR*)&Thread->ServiceTable + Offset); - + /* Validate the system call number again */ if (Id >= DescriptorTable->Limit) {
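Review bot: The relocated reload is correct for the failure described in the log (the stack switch can already have happened when KiConvertToGuiThread returns a failure status, so the `goto ExitCall` path must not run with the pre-switch TrapFrame), but the comment should say so explicitly: "Reload trap frame and descriptor table pointer from new stack" does not tell a future reader why this now sits before the NT_SUCCESS check, and the natural cleanup would be to move it back under the success path and reintroduce the crash. Suggest something like "/* Reload from the thread: the stack may have been switched even if the conversion failed */". It would also help to note that the `volatile` casts are there to force a fresh read of `Thread->TrapFrame` and `Thread->ServiceTable` after the ASM wrapper rather than a cached register value. Minor: the commented-out `//SetLastWin32Error(...)` line is carried along unchanged; if the last-error update is not meant to happen here, a short comment saying why beats dead code.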