[jgardou] 47748: [WIN32K] Merge GDIOBJ related changes from yarotows - GDIOBJ_(Share)LockObj : return NULL on NULL input, avoiding debug spew - Set NULL process owner when setting READY_TO_DIE flag of a gdiobj - So now GDIOBJ_ShareUnlockObj can claim ownership before trying to delete the object
10 Jun
2010
10 Jun
'10
10:15 p.m.
Author: jgardou
Date: Thu Jun 10 22:15:05 2010
New Revision: 47748
URL: http://svn.reactos.org/svn/reactos?rev=47748&view=rev
Log:
[WIN32K]
Merge GDIOBJ related changes from yarotows
- GDIOBJ_(Share)LockObj : return NULL on NULL input, avoiding debug spew
- Set NULL process owner when setting READY_TO_DIE flag of a gdiobj
- So now GDIOBJ_ShareUnlockObj can claim ownership before trying to delete the object
Modified:
trunk/reactos/subsystems/win32/win32k/include/gdiobj.h
trunk/reactos/subsystems/win32/win32k/objects/gdiobj.c
Modified: trunk/reactos/subsystems/win32/win32k/include/gdiobj.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/in…
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/include/gdiobj.h [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/include/gdiobj.h [iso-8859-1] Thu Jun 10
22:15:05 2010
@@ -87,7 +87,7 @@
BOOL FASTCALL IntGdiSetRegionOwner(HRGN,DWORD);
/*!
- * Release GDI object. Every object locked by GDIOBJ_LockObj() must be unlocked.
+ * Release GDI object. Every object locked by GDIOBJ_LockObj() must be unlocked.
* You should unlock the object
* as soon as you don't need to have access to it's data.
@@ -112,6 +112,7 @@
ASSERT(cLocks >= 0);
if ((flags & BASEFLAG_READY_TO_DIE) && (cLocks == 0))
{
+ GDIOBJ_SetOwnership(hobj, PsGetCurrentProcess());
GDIOBJ_FreeObjByHandle(hobj, GDI_OBJECT_TYPE_DONTCARE);
}
return cLocks;
Modified: trunk/reactos/subsystems/win32/win32k/objects/gdiobj.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ob…
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/gdiobj.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/gdiobj.c [iso-8859-1] Thu Jun 10
22:15:05 2010
@@ -631,10 +631,24 @@
}
else if (Object->ulShareCount != 0)
{
+ NTSTATUS Status;
+ PEPROCESS OldProcess;
Object->BaseFlags |= BASEFLAG_READY_TO_DIE;
DPRINT("Object %p, ulShareCount = %d\n", Object->hHmgr,
Object->ulShareCount);
//GDIDBG_TRACECALLER();
//GDIDBG_TRACESHARELOCKER(GDI_HANDLE_GET_INDEX(hObj));
+ /* Set NULL owner. This will permit an other process to kill the object
+ * Do the work here to avoid race conditions */
+ Status = PsLookupProcessByProcessId((HANDLE)((ULONG_PTR)PrevProcId &
~0x1), &OldProcess);
+ if (NT_SUCCESS(Status))
+ {
+ PPROCESSINFO W32Process = (PPROCESSINFO)OldProcess->Win32Process;
+ if (W32Process != NULL)
+ {
+ InterlockedDecrement(&W32Process->GDIHandleCount);
+ }
+ ObDereferenceObject(OldProcess);
+ }
(void)InterlockedExchangePointer((PVOID*)&Entry->ProcessId,
PrevProcId);
/* Don't wait on shared locks */
return FALSE;
@@ -952,6 +966,10 @@
POBJ Object = NULL;
ULONG HandleType, HandleUpper;
+ /* Check for dummy call */
+ if(hObj == NULL)
+ return NULL ;
+
HandleIndex = GDI_HANDLE_GET_INDEX(hObj);
HandleType = GDI_HANDLE_GET_TYPE(hObj);
HandleUpper = GDI_HANDLE_GET_UPPER(hObj);
@@ -1090,6 +1108,10 @@
HANDLE ProcessId, HandleProcessId, LockedProcessId, PrevProcId;
POBJ Object = NULL;
ULONG_PTR HandleType, HandleUpper;
+
+ /* Check for dummy call */
+ if(hObj == NULL)
+ return NULL ;
HandleIndex = GDI_HANDLE_GET_INDEX(hObj);
HandleType = GDI_HANDLE_GET_TYPE(hObj);
5216
days inactive
5216
days old
0 comments
1 participants
participants (1)
-
jgardou@svn.reactos.org