[ros-diffs] [tkreuzer] 57973: [WIN32K] Fix a bug in the GDI pool code that could lead to list corruption and a failed ASSERT, when an app allocated a large number of DCs or brushes, like AbiWord with more than...

22 Dec 2012

Author: tkreuzer
Date: Sat Dec 22 22:22:06 2012
New Revision: 57973

URL: http://svn.reactos.org/svn/reactos?rev=57973&view=rev
Log:
[WIN32K]
Fix a bug in the GDI pool code that could lead to list corruption and a failed ASSERT,
when an app allocated a large number of DCs or brushes, like AbiWord with more than 1
document open. Also add a few more ASSERTs.

Modified:
    trunk/reactos/win32ss/gdi/ntgdi/gdipool.c

Modified: trunk/reactos/win32ss/gdi/ntgdi/gdipool.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/gdi/ntgdi/gdipool.…
==============================================================================

--- trunk/reactos/win32ss/gdi/ntgdi/gdipool.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/gdi/ntgdi/gdipool.c [iso-8859-1] Sat Dec 22 22:22:06 2012
@@ -155,6 +155,8 @@
             /* Yes, remove it from the empty list */
             ple = RemoveHeadList(&pPool->leEmptyList);
             pSection = CONTAINING_RECORD(ple, GDI_POOL_SECTION, leInUseLink);
+            pPool->cEmptySections--;
+            ASSERT(pSection->cAllocCount == 0);
         }
         else
         {
@@ -166,13 +168,11 @@
                 pvAlloc = NULL;
                 goto done;
             }
-
-            /* Insert it into the ready list */
-            InsertHeadList(&pPool->leReadyList, &pSection->leReadyLink);
         }
 
-        /* Insert it into the in-use list */
+        /* Insert it into the in-use and ready list */
         InsertHeadList(&pPool->leInUseList, &pSection->leInUseLink);
+        InsertHeadList(&pPool->leReadyList, &pSection->leReadyLink);
     }
 
     /* Find and set a single bit */
@@ -203,6 +203,7 @@
 
     /* Increase alloc count */
     pSection->cAllocCount++;
+    ASSERT(RtlNumberOfSetBits(&pSection->bitmap) == pSection->cAllocCount);
     DBG_LOGEVENT(&pPool->slhLog, EVENT_ALLOCATE, pvAlloc);
 
     /* Check if section is now busy */
@@ -260,6 +261,7 @@
 
             /* Decrease allocation count */
             pSection->cAllocCount--;
+            ASSERT(RtlNumberOfSetBits(&pSection->bitmap) ==
pSection->cAllocCount);
             DBG_LOGEVENT(&pPool->slhLog, EVENT_FREE, pvAlloc);
 
             /* Check if the section got valid now */
@@ -275,7 +277,7 @@
                 RemoveEntryList(&pSection->leInUseLink);
                 RemoveEntryList(&pSection->leReadyLink);
 
-                if (pPool->cEmptySections > 1)
+                if (pPool->cEmptySections >= 1)
                 {
                     /* Delete the section */
                     GdiPoolDeleteSection(pPool, pSection);



    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

[ros-diffs] [tkreuzer] 57973: [WIN32K] Fix a bug in the GDI pool code that could lead to list corruption and a failed ASSERT, when an app allocated a large number of DCs or brushes, like AbiWord with more than...