https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0b0e73d66edc9e6ebff70…
commit 0b0e73d66edc9e6ebff7057d44d1789846016687
Author: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com>
AuthorDate: Mon Apr 25 11:36:00 2022 +0900
Commit: GitHub <noreply(a)github.com>
CommitDate: Mon Apr 25 11:36:00 2022 +0900
[NTUSER] Add locking at IntSendFocusMessage (#4468)
Fix access violation on IntFocusSetInputContext.
- Add locking on pWndPrev.
CORE-18163
---
win32ss/user/ntuser/focus.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/win32ss/user/ntuser/focus.c b/win32ss/user/ntuser/focus.c
index 7ecb9c88f73..f40a2bf686b 100644
--- a/win32ss/user/ntuser/focus.c
+++ b/win32ss/user/ntuser/focus.c
@@ -617,6 +617,7 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
PWND pWndPrev;
PUSER_MESSAGE_QUEUE ThreadQueue = pti->MessageQueue; // Queue can change...
HWND hwndPrev;
+ USER_REFERENCE_ENTRY Ref;
ThreadQueue->QF_flags &= ~QF_FOCUSNULLSINCEACTIVE;
if (!pWnd && ThreadQueue->spwndActive)
@@ -625,6 +626,8 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
}
pWndPrev = ThreadQueue->spwndFocus;
+ if (pWndPrev)
+ UserRefObjectCo(pWndPrev, &Ref);
/* check if the specified window can be set in the input data of a given queue */
if (!pWnd || ThreadQueue == pWnd->head.pti->MessageQueue)
@@ -667,6 +670,9 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
}
}
}
+
+ if (pWndPrev)
+ UserDerefObjectCo(pWndPrev);
}
BOOL FASTCALL