Author: tkreuzer Date: Wed Aug 12 10:34:05 2015 New Revision: 68702 URL: http://svn.reactos.org/svn/reactos?rev=68702&view=rev Log: [WIN23K] Make sure to attach to the specified process before dereferencing ClientInfo, which is a user mode structure. CORE-l0017 #resolve Modified: trunk/reactos/win32ss/user/ntuser/message.c Modified: trunk/reactos/win32ss/user/ntuser/message.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/messag… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/message.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/message.c [iso-8859-1] Wed Aug 12 10:34:05 2015 @@ -2870,6 +2870,7 @@ NTSTATUS Status; HANDLE Handles[3]; LARGE_INTEGER Timeout; + KAPC_STATE ApcState; UserEnterExclusive(); @@ -2915,12 +2916,16 @@ if (dwMilliseconds != INFINITE) Timeout.QuadPart = (LONGLONG) dwMilliseconds * (LONGLONG) -10000; + KeStackAttachProcess(&Process->Pcb, &ApcState); + W32Process->W32PF_flags |= W32PF_WAITFORINPUTIDLE; for (pti = W32Process->ptiList; pti; pti = pti->ptiSibling) { pti->TIF_flags |= TIF_WAITFORINPUTIDLE; pti->pClientInfo->dwTIFlags = pti->TIF_flags; } + + KeUnstackDetachProcess(&ApcState); TRACE("WFII: ppi %p\n", W32Process); TRACE("WFII: waiting for %p\n", Handles[1] );