Author: mjmartin
Date: Sun May 9 14:27:57 2010
New Revision: 47142
URL:
http://svn.reactos.org/svn/reactos?rev=47142&view=rev
Log:
[win32k]
- When messages are sent without waiting for a reply (non-queued messages), the message queues
are referenced and dereferenced in the call.
Message removal and cleanup functions for queues expected a reference on the queue. Add
checks to determine if the message is a non-queued message and, if so, release memory for
those that had pointers and, more importantly, skip dereferencing the queues. Possibly fixes
random crashes and memory leaks.
Modified:
trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt…
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c [iso-8859-1] Sun May 9
14:27:57 2010
@@ -1072,7 +1072,7 @@
{
DPRINT("Notify the sender and remove a message from the queue that had not
been dispatched\n");
- RemoveEntryList(&SentMessage->ListEntry);
+ RemoveEntryList(&SentMessage->ListEntry);
/* remove the message from the dispatching list */
if(SentMessage->DispatchingListEntry.Flink != NULL)
@@ -1086,9 +1086,19 @@
KeSetEvent(SentMessage->CompletionEvent, IO_NO_INCREMENT, FALSE);
}
- /* dereference our and the sender's message queue */
- IntDereferenceMessageQueue(MessageQueue);
- IntDereferenceMessageQueue(SentMessage->SenderQueue);
+ if (SentMessage->HasPackedLParam == TRUE)
+ {
+ if (SentMessage->Msg.lParam)
+ ExFreePool((PVOID)SentMessage->Msg.lParam);
+ }
+
+ /* Only if it is not a no wait message */
+ if (!(SentMessage->HookMessage & MSQ_SENTNOWAIT))
+ {
+ /* dereference our and the sender's message queue */
+ IntDereferenceMessageQueue(MessageQueue);
+ IntDereferenceMessageQueue(SentMessage->SenderQueue);
+ }
/* free the message */
ExFreePool(SentMessage);
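Review bot: The packed lParam is freed for every message with `HasPackedLParam` set, not only for `MSQ_SENTNOWAIT` ones, although the log message describes the free as applying to non-queued messages only. If a waiting sender can also carry a packed lParam and releases it itself after `CompletionEvent` is signalled a few lines earlier, this becomes a double free of kernel pool. Whether that can happen depends on where `HasPackedLParam` is set, which this hunk does not show. Either tie the free to the flag, `if ((SentMessage->HookMessage & MSQ_SENTNOWAIT) && SentMessage->HasPackedLParam && SentMessage->Msg.lParam)`, or add a comment stating that only no-wait sends ever set `HasPackedLParam`. Testing the flag for truth rather than `== TRUE` would also avoid skipping the free on any other non-zero value. The same applies to the hunks at -1509 and -1547, and the enclosing function starts and ends outside this hunk.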
@@ -1509,9 +1519,19 @@
KeSetEvent(CurrentSentMessage->CompletionEvent, IO_NO_INCREMENT, FALSE);
}
- /* dereference our and the sender's message queue */
- IntDereferenceMessageQueue(MessageQueue);
- IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
+ if (CurrentSentMessage->HasPackedLParam == TRUE)
+ {
+ if (CurrentSentMessage->Msg.lParam)
+ ExFreePool((PVOID)CurrentSentMessage->Msg.lParam);
+ }
+
+ /* Only if it is not a no wait message */
+ if (!(CurrentSentMessage->HookMessage & MSQ_SENTNOWAIT))
+ {
+ /* dereference our and the sender's message queue */
+ IntDereferenceMessageQueue(MessageQueue);
+ IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
+ }
/* free the message */
ExFreePool(CurrentSentMessage);
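Review bot: This release sequence (free the packed lParam, conditionally drop both queue references, free the message) is now written out three times, here and in the hunks at -1086 and -1547. Any later correction to the ownership rules must be repeated identically in each copy, or one cleanup path will leak or over-release. A single static helper called from all three sites would keep the reference and pool accounting in one place. The type names in the sketch below are assumed from the surrounding file and should be checked against its declarations. The enclosing loop and function lie outside this hunk.

```c
/* Shared teardown for a sent message that is being discarded undispatched. */
static VOID
MsqReleaseSentMessage(PUSER_MESSAGE_QUEUE MessageQueue,
                      PUSER_SENT_MESSAGE Message)
{
    /* A packed lParam is a pool allocation that travels with the message */
    if (Message->HasPackedLParam && Message->Msg.lParam)
        ExFreePool((PVOID)Message->Msg.lParam);

    /* No-wait sends already dropped their queue references in the send call */
    if (!(Message->HookMessage & MSQ_SENTNOWAIT))
    {
        IntDereferenceMessageQueue(MessageQueue);
        IntDereferenceMessageQueue(Message->SenderQueue);
    }

    ExFreePool(Message);
}

/* ... unchanged: list removal and CompletionEvent signalling ... */
MsqReleaseSentMessage(MessageQueue, CurrentSentMessage);
```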
@@ -1547,10 +1567,19 @@
KeSetEvent(CurrentSentMessage->CompletionEvent, IO_NO_INCREMENT, FALSE);
}
- /* dereference our and the sender's message queue */
- IntDereferenceMessageQueue(MessageQueue);
- IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
-
+ if (CurrentSentMessage->HasPackedLParam == TRUE)
+ {
+ if (CurrentSentMessage->Msg.lParam)
+ ExFreePool((PVOID)CurrentSentMessage->Msg.lParam);
+ }
+
+ /* Only if it is not a no wait message */
+ if (!(CurrentSentMessage->HookMessage & MSQ_SENTNOWAIT))
+ {
+ /* dereference our and the sender's message queue */
+ IntDereferenceMessageQueue(MessageQueue);
+ IntDereferenceMessageQueue(CurrentSentMessage->SenderQueue);
+ }
/* free the message */
ExFreePool(CurrentSentMessage);
}