[tkreuzer] 32336: Big ntuser fix: - rename ObmXxx functions to UserXxx functions - remove some macros - move prototypes to object.h - implement UserreferenceObjectByHandle creating a reference to the object, used for cursoricon stuff so far - rewrite object manager functions to reasonably handle references - dereference cursoricons correctly, so they will really get deleted -> fixes a cursoricon leak - destroy submenus in NtUserDestroyMenu -> fixes a big menu leak - free the buffer of the menu t
Author: tkreuzer Date: Wed Feb 13 03:46:23 2008 New Revision: 32336
URL: http://svn.reactos.org/svn/reactos?rev=32336&view=rev Log: Big ntuser fix: - rename ObmXxx functions to UserXxx functions - remove some macros - move prototypes to object.h - implement UserreferenceObjectByHandle creating a reference to the object, used for cursoricon stuff so far - rewrite object manager functions to reasonably handle references - dereference cursoricons correctly, so they will really get deleted -> fixes a cursoricon leak - destroy submenus in NtUserDestroyMenu -> fixes a big menu leak - free the buffer of the menu text -> fixes a mem leak - delete old bitmaps in NtUserSetCursorContent -> fixes a bitmap leak - delete monitor object on failure Now taskmgr doesn't leak memory anymore. we still leak some user handles here and there even after terminating a process, but it's much better now.
Modified: trunk/reactos/subsystems/win32/win32k/include/cursoricon.h trunk/reactos/subsystems/win32/win32k/include/menu.h trunk/reactos/subsystems/win32/win32k/include/object.h trunk/reactos/subsystems/win32/win32k/include/userfuncs.h trunk/reactos/subsystems/win32/win32k/main/dllmain.c trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c trunk/reactos/subsystems/win32/win32k/ntuser/hook.c trunk/reactos/subsystems/win32/win32k/ntuser/input.c trunk/reactos/subsystems/win32/win32k/ntuser/menu.c trunk/reactos/subsystems/win32/win32k/ntuser/message.c trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c trunk/reactos/subsystems/win32/win32k/ntuser/object.c trunk/reactos/subsystems/win32/win32k/ntuser/window.c trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c
Modified: trunk/reactos/subsystems/win32/win32k/include/cursoricon.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/inc... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/cursoricon.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/cursoricon.h Wed Feb 13 03:46:23 2008 @@ -81,7 +81,7 @@ (PSYSTEM_CURSORINFO)((WinStaObj)->SystemCursor)
#define IntReleaseCurIconObject(CurIconObj) \ - ObmDereferenceObject(CurIconObj) + UserDereferenceObject(CurIconObj)
#endif /* _WIN32K_CURSORICON_H */
Modified: trunk/reactos/subsystems/win32/win32k/include/menu.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/inc... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/menu.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/menu.h Wed Feb 13 03:46:23 2008 @@ -47,7 +47,7 @@ IntGetMenuObject(HMENU hMenu);
#define IntReleaseMenuObject(MenuObj) \ - ObmDereferenceObject(MenuObj) + UserDereferenceObject(MenuObj)
BOOL FASTCALL IntFreeMenuItem(PMENU_OBJECT MenuObject, PMENU_ITEM MenuItem,
Modified: trunk/reactos/subsystems/win32/win32k/include/object.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/inc... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/object.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/object.h Wed Feb 13 03:46:23 2008 @@ -102,8 +102,20 @@
#undef USER_ASSERT
-VOID FASTCALL ObmReferenceObject(PVOID obj); -BOOL FASTCALL ObmDereferenceObject2(PVOID obj); +extern PUSER_HANDLE_TABLE gHandleTable; +VOID FASTCALL UserReferenceObject(PVOID obj); +PVOID FASTCALL UserReferenceObjectByHandle(HANDLE handle, USER_OBJECT_TYPE type); +BOOL FASTCALL UserDereferenceObject(PVOID obj); +PVOID FASTCALL UserCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size); +BOOL FASTCALL UserDeleteObject(HANDLE h, USER_OBJECT_TYPE type ); +PVOID UserGetObject(PUSER_HANDLE_TABLE ht, HANDLE handle, USER_OBJECT_TYPE type ); +HANDLE UserAllocHandle(PUSER_HANDLE_TABLE ht, PVOID object, USER_OBJECT_TYPE type ); +BOOL UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ); +PVOID UserGetNextHandle(PUSER_HANDLE_TABLE ht, HANDLE* handle, USER_OBJECT_TYPE type ); +PUSER_HANDLE_ENTRY handle_to_entry(PUSER_HANDLE_TABLE ht, HANDLE handle ); +BOOL FASTCALL UserCreateHandleTable(); +VOID UserInitHandleTable(PUSER_HANDLE_TABLE ht, PVOID mem, ULONG bytes); +
static __inline VOID UserRefObjectCo(PVOID obj, PUSER_REFERENCE_ENTRY UserReferenceEntry) @@ -114,7 +126,7 @@ ASSERT(W32Thread != NULL); ASSERT(UserReferenceEntry != NULL); UserReferenceEntry->obj = obj; - ObmReferenceObject(obj); + UserReferenceObject(obj); PushEntryList(&W32Thread->ReferencesList, &UserReferenceEntry->Entry); }
@@ -134,10 +146,10 @@ ASSERT(UserReferenceEntry != NULL);
ASSERT(obj == UserReferenceEntry->obj); - ObmDereferenceObject2(obj); + UserDereferenceObject(obj); }
-HANDLE FASTCALL ObmObjectToHandle(PVOID obj); +HANDLE FASTCALL UserObjectToHandle(PVOID obj);
VOID FASTCALL CreateStockObjects (VOID); VOID FASTCALL CreateSysColorObjects (VOID);
Modified: trunk/reactos/subsystems/win32/win32k/include/userfuncs.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/inc... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/include/userfuncs.h (original) +++ trunk/reactos/subsystems/win32/win32k/include/userfuncs.h Wed Feb 13 03:46:23 2008 @@ -6,22 +6,6 @@
PMENU_OBJECT FASTCALL UserGetMenuObject(HMENU hMenu); - - -#if 0 -#define ObmDereferenceObject(_obj_) \ -{ \ - DPRINT1("obj 0x%x dereffed to %i refs\n",_obj_, USER_BODY_TO_HEADER(_obj_)->RefCount-1); \ - ObmDereferenceObject2(_obj_); \ -} - -#endif - -#define ObmDereferenceObject(_obj_) ObmDereferenceObject2(_obj_) - - - -
#define ASSERT_REFS_CO(_obj_) \ { \ @@ -56,33 +40,7 @@
#define DUMP_REFS(obj) DPRINT1("obj 0x%x, refs %i\n",obj, USER_BODY_TO_HEADER(obj)->RefCount)
- - - -VOID FASTCALL ObmReferenceObject(PVOID obj); -BOOL FASTCALL ObmDereferenceObject2(PVOID obj); - PWINDOW_OBJECT FASTCALL IntGetWindowObject(HWND hWnd); -PVOID FASTCALL -ObmCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size); - -BOOL FASTCALL -ObmDeleteObject(HANDLE h, USER_OBJECT_TYPE type ); - -#define UserRefObject(o) ObmReferenceObject(o) -#define UserDerefObject(o) ObmDereferenceObject(o) -BOOL FASTCALL ObmCreateHandleTable(); - -/******************** HANDLE.C ***************/ - -extern PUSER_HANDLE_TABLE gHandleTable; - -PUSER_HANDLE_ENTRY handle_to_entry(PUSER_HANDLE_TABLE ht, HANDLE handle ); -VOID UserInitHandleTable(PUSER_HANDLE_TABLE ht, PVOID mem, ULONG bytes); -HANDLE UserAllocHandle(PUSER_HANDLE_TABLE ht, PVOID object, USER_OBJECT_TYPE type ); -PVOID UserGetObject(PUSER_HANDLE_TABLE ht, HANDLE handle, USER_OBJECT_TYPE type ); -PVOID UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ); -PVOID UserGetNextHandle(PUSER_HANDLE_TABLE ht, HANDLE* handle, USER_OBJECT_TYPE type );
/*************** WINSTA.C ***************/
Modified: trunk/reactos/subsystems/win32/win32k/main/dllmain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/mai... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/main/dllmain.c (original) +++ trunk/reactos/subsystems/win32/win32k/main/dllmain.c Wed Feb 13 03:46:23 2008 @@ -289,7 +289,7 @@ { PUSER_REFERENCE_ENTRY ref = CONTAINING_RECORD(e, USER_REFERENCE_ENTRY, Entry); DPRINT("thread clean: remove reference obj 0x%x\n",ref->obj); - ObmDereferenceObject(ref->obj); + UserDereferenceObject(ref->obj);
e = PopEntryList(&Win32Thread->ReferencesList); }
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/accelerator.c Wed Feb 13 03:46:23 2008 @@ -348,7 +348,7 @@ RETURN( (HACCEL) 0 ); }
- Accel = ObmCreateObject(gHandleTable, (PHANDLE)&hAccel, otAccel, sizeof(ACCELERATOR_TABLE)); + Accel = UserCreateObject(gHandleTable, (PHANDLE)&hAccel, otAccel, sizeof(ACCELERATOR_TABLE));
if (Accel == NULL) { @@ -362,7 +362,8 @@ Accel->Table = ExAllocatePoolWithTag(PagedPool, EntriesCount * sizeof(ACCEL), TAG_ACCEL); if (Accel->Table == NULL) { - ObmDeleteObject(hAccel, otAccel); + UserDereferenceObject(Accel); + UserDeleteObject(hAccel, otAccel); SetLastNtError(STATUS_NO_MEMORY); RETURN( (HACCEL) 0); } @@ -371,7 +372,8 @@ if (!NT_SUCCESS(Status)) { ExFreePool(Accel->Table); - ObmDeleteObject(hAccel, otAccel); + UserDereferenceObject(Accel); + UserDeleteObject(hAccel, otAccel); SetLastNtError(Status); RETURN((HACCEL) 0); } @@ -411,12 +413,13 @@ RETURN( FALSE); }
- ObmDeleteObject(hAccel, otAccel); - if (Accel->Table != NULL) { ExFreePool(Accel->Table); - } + Accel->Table = NULL; + } + + UserDeleteObject(hAccel, otAccel);
RETURN( TRUE);
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/callproc.c Wed Feb 13 03:46:23 2008 @@ -39,7 +39,7 @@ GetCallProcHandle(IN PCALLPROC CallProc) { /* FIXME - check for 64 bit architectures... */ - return (WNDPROC)((ULONG_PTR)ObmObjectToHandle(CallProc) | 0xFFFF0000); + return (WNDPROC)((ULONG_PTR)UserObjectToHandle(CallProc) | 0xFFFF0000); }
VOID @@ -47,9 +47,9 @@ IN OUT PCALLPROC CallProc) { /* FIXME - use new object manager! */ - HANDLE Handle = ObmObjectToHandle(CallProc); + HANDLE Handle = UserObjectToHandle(CallProc);
- ObmDeleteObject(Handle, + UserDeleteObject(Handle, otCallProc); }
@@ -61,7 +61,7 @@ HANDLE Handle;
/* FIXME - use new object manager! */ - NewCallProc = (PCALLPROC)ObmCreateObject(gHandleTable, + NewCallProc = (PCALLPROC)UserCreateObject(gHandleTable, &Handle, otCallProc, sizeof(CALLPROC)); @@ -87,7 +87,7 @@ HANDLE Handle;
/* FIXME - use new object manager! */ - NewCallProc = (PCALLPROC)ObmCreateObject(gHandleTable, + NewCallProc = (PCALLPROC)UserCreateObject(gHandleTable, &Handle, otCallProc, sizeof(CALLPROC));
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/cursoricon.c Wed Feb 13 03:46:23 2008 @@ -71,7 +71,7 @@ return TRUE; }
- +/* This function creates a reference for the object! */ PCURICON_OBJECT FASTCALL UserGetCurIconObject(HCURSOR hCurIcon) { PCURICON_OBJECT CurIcon; @@ -82,7 +82,7 @@ return NULL; }
- CurIcon = (PCURICON_OBJECT)UserGetObject(gHandleTable, hCurIcon, otCursorIcon); + CurIcon = (PCURICON_OBJECT)UserReferenceObjectByHandle(hCurIcon, otCursorIcon); if (!CurIcon) { /* we never set ERROR_INVALID_ICON_HANDLE. lets hope noone ever checks for it */ @@ -90,7 +90,7 @@ return NULL; }
- ASSERT(USER_BODY_TO_HEADER(CurIcon)->RefCount >= 0); + ASSERT(USER_BODY_TO_HEADER(CurIcon)->RefCount >= 1); return CurIcon; }
@@ -151,10 +151,14 @@
if (!NewCursor && (CurInfo->CurrentCursorObject || ForceChange)) { - if (NULL != CurInfo->CurrentCursorObject && CurInfo->ShowingCursor) - { - /* Remove the cursor if it was displayed */ - IntEngMovePointer(SurfObj, -1, -1, &GDIDEV(SurfObj)->Pointer.Exclude); + if (NULL != CurInfo->CurrentCursorObject) + { + UserDereferenceObject(CurInfo->CurrentCursorObject); + if (CurInfo->ShowingCursor) + { + /* Remove the cursor if it was displayed */ + IntEngMovePointer(SurfObj, -1, -1, &GDIDEV(SurfObj)->Pointer.Exclude); + } }
GDIDEV(SurfObj)->Pointer.Status = SPS_ACCEPT_NOEXCLUDE; @@ -239,6 +243,7 @@ } CurInfo->ShowingCursor = CURSOR_SHOWING; CurInfo->CurrentCursorObject = NewCursor; + UserReferenceObject(NewCursor); } else { @@ -365,14 +370,14 @@ LIST_FOR_EACH(CurIcon, &gCurIconList, CURICON_OBJECT, ListEntry) {
- // if(NT_SUCCESS(ObmReferenceObjectByPointer(Object, otCursorIcon))) //<- huh???? -// ObmReferenceObject( CurIcon); + // if(NT_SUCCESS(UserReferenceObjectByPointer(Object, otCursorIcon))) //<- huh???? +// UserReferenceObject( CurIcon); // { if((CurIcon->hModule == hModule) && (CurIcon->hRsrc == hRsrc)) { if(cx && ((cx != CurIcon->Size.cx) || (cy != CurIcon->Size.cy))) { -// ObmDereferenceObject(CurIcon); +// UserDereferenceObject(CurIcon); continue; } if (! ReferenceCurIconByProcess(CurIcon)) @@ -383,7 +388,7 @@ return CurIcon; } // } -// ObmDereferenceObject(CurIcon); +// UserDereferenceObject(CurIcon);
}
@@ -396,7 +401,7 @@ PCURICON_OBJECT CurIcon; HANDLE hCurIcon;
- CurIcon = ObmCreateObject(gHandleTable, &hCurIcon, otCursorIcon, sizeof(CURICON_OBJECT)); + CurIcon = UserCreateObject(gHandleTable, &hCurIcon, otCursorIcon, sizeof(CURICON_OBJECT));
if(!CurIcon) { @@ -410,14 +415,12 @@ if (! ReferenceCurIconByProcess(CurIcon)) { DPRINT1("Failed to add process\n"); - ObmDeleteObject(hCurIcon, otCursorIcon); - ObmDereferenceObject(CurIcon); + UserDeleteObject(hCurIcon, otCursorIcon); + UserDereferenceObject(CurIcon); return NULL; }
InsertHeadList(&gCurIconList, &CurIcon->ListEntry); - - ObmDereferenceObject(CurIcon);
return CurIcon; } @@ -484,19 +487,23 @@ bmpMask = CurIcon->IconInfo.hbmMask; bmpColor = CurIcon->IconInfo.hbmColor;
- Ret = ObmDeleteObject(CurIcon->Self, otCursorIcon); - /* delete bitmaps */ if(bmpMask) { GDIOBJ_SetOwnership(GdiHandleTable, bmpMask, PsGetCurrentProcess()); NtGdiDeleteObject(bmpMask); + CurIcon->IconInfo.hbmMask = NULL; } if(bmpColor) { GDIOBJ_SetOwnership(GdiHandleTable, bmpColor, PsGetCurrentProcess()); NtGdiDeleteObject(bmpColor); - } + CurIcon->IconInfo.hbmColor = NULL; + } + + /* We were given a pointer, no need to keep the reference anylonger! */ + UserDereferenceObject(CurIcon); + Ret = UserDeleteObject(CurIcon->Self, otCursorIcon);
return Ret; } @@ -516,8 +523,8 @@
LIST_FOR_EACH_SAFE(CurIcon, tmp, &gCurIconList, CURICON_OBJECT, ListEntry) { -// ObmReferenceObject(CurIcon); - // if(NT_SUCCESS(ObmReferenceObjectByPointer(Object, otCursorIcon))) +// UserReferenceObject(CurIcon); + // if(NT_SUCCESS(UserReferenceObjectByPointer(Object, otCursorIcon))) { LIST_FOR_EACH(ProcessData, &CurIcon->ProcessList, CURICON_PROCESS, ListEntry) { @@ -529,7 +536,7 @@ } }
-// ObmDereferenceObject(Object); +// UserDereferenceObject(Object); }
@@ -607,6 +614,7 @@ } }
+ UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret);
@@ -698,6 +706,7 @@ else SetLastNtError(Status);
+ UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret);
@@ -749,6 +758,8 @@ else SetLastNtError(Status); // maybe not, test this
+ UserDereferenceObject(CurIcon); + cleanup: DPRINT("Leave NtUserGetIconSize, ret=%i\n", bRet); UserLeave(); @@ -950,6 +961,7 @@ }
ret = IntDestroyCurIconObject(WinSta, CurIcon, FALSE); + /* Note: IntDestroyCurIconObject will remove our reference for us! */
ObDereferenceObject(WinSta); RETURN(ret); @@ -1099,6 +1111,7 @@
OldCursor = IntSetCursor(WinSta, CurIcon, FALSE);
+ UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta);
RETURN(OldCursor); @@ -1117,9 +1130,10 @@ STDCALL NtUserSetCursorContents( HANDLE hCurIcon, - PICONINFO IconInfo) + PICONINFO UnsafeIconInfo) { PCURICON_OBJECT CurIcon; + ICONINFO IconInfo; PBITMAPOBJ bmp; PWINSTATION_OBJECT WinSta; NTSTATUS Status; @@ -1142,12 +1156,25 @@ }
/* Copy fields */ - Status = MmCopyFromCaller(&CurIcon->IconInfo, IconInfo, sizeof(ICONINFO)); + Status = MmCopyFromCaller(&IconInfo, UnsafeIconInfo, sizeof(ICONINFO)); if(!NT_SUCCESS(Status)) { SetLastNtError(Status); goto done; } + + /* Delete old bitmaps */ + if (CurIcon->IconInfo.hbmColor != IconInfo.hbmColor) + { + NtGdiDeleteObject(CurIcon->IconInfo.hbmColor); + } + if (CurIcon->IconInfo.hbmMask != IconInfo.hbmMask) + { + NtGdiDeleteObject(CurIcon->IconInfo.hbmMask); + } + + /* Copy new IconInfo field */ + CurIcon->IconInfo = IconInfo;
bmp = BITMAPOBJ_LockBitmap(CurIcon->IconInfo.hbmColor); if(bmp) @@ -1174,6 +1201,10 @@
done:
+ if (CurIcon) + { + UserDereferenceObject(CurIcon); + } ObDereferenceObject(WinSta); RETURN( Ret);
@@ -1265,6 +1296,7 @@ else Ret = TRUE;
+ UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret);
@@ -1346,6 +1378,7 @@ }
done: + UserDereferenceObject(CurIcon); ObDereferenceObject(WinSta); RETURN( Ret);
@@ -1764,6 +1797,8 @@ hbrFlickerFreeDraw, diFlags);
+ UserDereferenceObject(pIcon); + UserLeave(); return Ret; }
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/hook.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/hook.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/hook.c Wed Feb 13 03:46:23 2008 @@ -112,7 +112,7 @@ } }
- Hook = ObmCreateObject(gHandleTable, &Handle, otHook, sizeof(HOOK)); + Hook = UserCreateObject(gHandleTable, &Handle, otHook, sizeof(HOOK)); if (NULL == Hook) { return NULL; @@ -215,7 +215,7 @@ }
/* Close handle */ - ObmDeleteObject(Hook->Self, otHook); + UserDeleteObject(Hook->Self, otHook); }
/* remove a hook, freeing it if the chain is not in use */ @@ -441,7 +441,7 @@ RETURN( FALSE); }
- //Status = ObmReferenceObjectByHandle(gHandleTable, Hook, + //Status = UserReferenceObjectByHandle(gHandleTable, Hook, // otHookProc, (PVOID *) &HookObj); ObDereferenceObject(WinStaObj);
@@ -462,13 +462,13 @@ if (NULL != HookObj->Thread && (HookObj->Thread != PsGetCurrentThread())) { DPRINT1("Thread mismatch\n"); - ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); SetLastWin32Error(ERROR_INVALID_HANDLE); RETURN( 0); }
NextObj = IntGetNextHook(HookObj); - ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); if (NULL != NextObj) { DPRINT1("Calling next hook not implemented\n"); @@ -637,7 +637,7 @@ Status = MmCopyFromCaller(&ModuleName, UnsafeModuleName, sizeof(UNICODE_STRING)); if (! NT_SUCCESS(Status)) { - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -652,7 +652,7 @@ TAG_HOOK); if (NULL == Hook->ModuleName.Buffer) { - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -669,7 +669,7 @@ if (! NT_SUCCESS(Status)) { ExFreePool(Hook->ModuleName.Buffer); - ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); IntRemoveHook(Hook, WinStaObj, FALSE); if (NULL != Thread) { @@ -686,7 +686,7 @@ Hook->Ansi = Ansi; Handle = Hook->Self;
- ObmDereferenceObject(Hook); + UserDereferenceObject(Hook); ObDereferenceObject(WinStaObj);
RETURN( Handle); @@ -738,7 +738,7 @@ RETURN( FALSE); }
- // Status = ObmReferenceObjectByHandle(gHandleTable, Hook, + // Status = UserReferenceObjectByHandle(gHandleTable, Hook, // otHookProc, (PVOID *) &HookObj); if (!(HookObj = IntGetHookObject(Hook))) { @@ -751,7 +751,7 @@
IntRemoveHook(HookObj, WinStaObj, FALSE);
- ObmDereferenceObject(HookObj); + UserDereferenceObject(HookObj); ObDereferenceObject(WinStaObj);
RETURN( TRUE);
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/input.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/input.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/input.c Wed Feb 13 03:46:23 2008 @@ -1058,7 +1058,7 @@ MousePos.x = DesktopWindow->Wnd->ClientRect.right - 1; if(MousePos.y >= DesktopWindow->Wnd->ClientRect.bottom) MousePos.y = DesktopWindow->Wnd->ClientRect.bottom - 1; - ObmDereferenceObject(DesktopWindow); + UserDereferenceObject(DesktopWindow); }
if(MousePos.x < 0)
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/menu.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/menu.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/menu.c Wed Feb 13 03:46:23 2008 @@ -238,6 +238,7 @@ }
/* Free memory */ + ExFreePool(MenuItem->Text.Buffer); ExFreePool(MenuItem);
return TRUE; @@ -317,9 +318,10 @@ Window->Wnd->IDMenu = 0; } } - ObmDeleteObject(Menu->MenuInfo.Self, otMenu); +// UserDereferenceObject(Menu); + BOOL ret = UserDeleteObject(Menu->MenuInfo.Self, otMenu); ObDereferenceObject(WindowStation); - return TRUE; + return ret; } } return FALSE; @@ -330,7 +332,7 @@ { PMENU_OBJECT Menu;
- Menu = (PMENU_OBJECT)ObmCreateObject( + Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, Handle, otMenu, sizeof(MENU_OBJECT));
@@ -438,7 +440,7 @@ if(!Source) return NULL;
- Menu = (PMENU_OBJECT)ObmCreateObject( + Menu = (PMENU_OBJECT)UserCreateObject( gHandleTable, &hMenu, otMenu, sizeof(MENU_OBJECT));
@@ -1457,6 +1459,7 @@ { PWINSTATION_OBJECT WinStaObject; HANDLE Handle; + PMENU_OBJECT Menu; NTSTATUS Status; PEPROCESS CurrentProcess = PsGetCurrentProcess();
@@ -1479,12 +1482,14 @@ SetLastNtError(Status); return (HMENU)0; } - IntCreateMenu(&Handle, !PopupMenu); + Menu = IntCreateMenu(&Handle, !PopupMenu); + UserDereferenceObject(Menu); ObDereferenceObject(WinStaObject); } else { - IntCreateMenu(&Handle, !PopupMenu); + Menu = IntCreateMenu(&Handle, !PopupMenu); + UserDereferenceObject(Menu); }
return (HMENU)Handle; @@ -1566,7 +1571,7 @@ RETURN( FALSE); }
- RETURN( IntDestroyMenuObject(Menu, FALSE, TRUE)); + RETURN( IntDestroyMenuObject(Menu, TRUE, TRUE));
CLEANUP: DPRINT("Leave NtUserDestroyMenu, ret=%i\n",_ret_);
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/message.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/message.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/message.c Wed Feb 13 03:46:23 2008 @@ -582,12 +582,12 @@ }
/* eat the message */ - UserDerefObject(Wnd); + UserDereferenceObject(Wnd); UserDerefObjectCo(DesktopWindow); UserDerefObjectCo(Window); return TRUE; } - UserDerefObject(Wnd); + UserDereferenceObject(Wnd); }
UserDerefObjectCo(DesktopWindow); @@ -800,7 +800,7 @@
// if(MsgWindow) // { -// UserDerefObject(MsgWindow); +// UserDereferenceObject(MsgWindow); // }
return TRUE; @@ -1584,7 +1584,7 @@ /* Must be handled by other thread */ // if (HWND_BROADCAST != hWnd) // { -// UserDerefObject(Window); +// UserDereferenceObject(Window); // } Info.HandledByKernel = TRUE; UserModeMsg.hwnd = hWnd;
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/monitor.c Wed Feb 13 03:46:23 2008 @@ -89,7 +89,7 @@ HANDLE Handle; PMONITOR_OBJECT Monitor;
- Monitor = ObmCreateObject(gHandleTable, &Handle, otMonitor, sizeof (MONITOR_OBJECT)); + Monitor = UserCreateObject(gHandleTable, &Handle, otMonitor, sizeof (MONITOR_OBJECT)); if (Monitor == NULL) { return NULL; @@ -116,7 +116,7 @@ IntDestroyMonitorObject(IN PMONITOR_OBJECT pMonitor) { RtlFreeUnicodeString(&pMonitor->DeviceName); - ObmDereferenceObject(pMonitor); + UserDereferenceObject(pMonitor); }
@@ -178,6 +178,8 @@ if (!RtlCreateUnicodeString(&Monitor->DeviceName, Buffer)) { DPRINT("Couldn't duplicate monitor name!\n"); + UserDereferenceObject(Monitor); + UserDeleteObject(Monitor->Handle, otMonitor); return STATUS_INSUFFICIENT_RESOURCES; }
@@ -199,6 +201,7 @@ } Monitor->Prev = p; } + UserDereferenceObject(Monitor);
return STATUS_SUCCESS; }
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/msgqueue.c Wed Feb 13 03:46:23 2008 @@ -282,7 +282,7 @@ if(Msg == WM_MOUSEWHEEL) { Window = UserGetWindowObject(IntGetFocusWindow()); - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); } else { @@ -290,7 +290,7 @@ if(Window == NULL) { Window = ScopeWin; - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); } else { @@ -304,7 +304,7 @@ /* FIXME - window messages should go to the right window if no buttons are pressed */ Window = UserGetWindowObject(hCaptureWin); - if (Window) UserRefObject(Window); + if (Window) UserReferenceObject(Window); }
@@ -377,7 +377,7 @@ IntUnLockHardwareMessageQueue(Window->MessageQueue);
*Freed = FALSE; - UserDerefObject(Window); + UserDereferenceObject(Window); return(FALSE); }
@@ -420,7 +420,7 @@ IntUnLockHardwareMessageQueue(Window->MessageQueue); }
- UserDerefObject(Window); + UserDereferenceObject(Window); *Freed = FALSE; return(FALSE); } @@ -459,7 +459,7 @@ } }
- UserDerefObject(Window); + UserDereferenceObject(Window); *Freed = FALSE; return(TRUE); } @@ -783,7 +783,7 @@ Mesg.time = MsqCalculateMessageTime(&LargeTickCount); IntGetCursorLocation(WinSta, &Mesg.pt); MsqPostMessage(Window->MessageQueue, &Mesg, FALSE, QS_HOTKEY); - ObmDereferenceObject(Window); + UserDereferenceObject(Window); ObDereferenceObject (Thread);
// InsertHeadList(&pThread->MessageQueue->PostedMessagesListHead,
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/ntuser.c Wed Feb 13 03:46:23 2008 @@ -44,7 +44,7 @@
ExInitializeResourceLite(&UserLock);
- if (!ObmCreateHandleTable()) + if (!UserCreateHandleTable()) { DPRINT1("Failed creating handle table\n"); return STATUS_INSUFFICIENT_RESOURCES;
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/object.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/object.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/object.c Wed Feb 13 03:46:23 2008 @@ -69,7 +69,7 @@ if (ht->nb_handles >= ht->allocated_handles) /* need to grow the array */ { /**/ - int i, iFree = 0, iWindow = 0, iMenu = 0, iCursorIcon = 0, + int i, iFree = 0, iWindow = 0, iMenu = 0, iCursorIcon = 0, iHook = 0, iCallProc = 0, iAccel = 0, iMonitor = 0; /**/ DPRINT1("Out of user handles! Used -> %i, NM_Handle -> %d\n", usedHandles, ht->nb_handles); @@ -108,7 +108,7 @@ } DPRINT1("Handle Count by Type:\n Free = %d Window = %d Menu = %d CursorIcon = %d Hook = %d\n CallProc = %d Accel = %d Monitor = %d\n", iFree, iWindow, iMenu, iCursorIcon, iHook, iCallProc, iAccel, iMonitor ); -//#endif +//#endif return NULL; #if 0 PUSER_HANDLE_ENTRY new_handles; @@ -198,6 +198,10 @@ entry->pi = UserHandleOwnerByType(type); if (++entry->generation >= 0xffff) entry->generation = 1; + + /* We have created a handle, which is a reference! */ + UserReferenceObject(object); + return entry_to_handle(ht, entry ); }
@@ -241,18 +245,24 @@ return entry->ptr; }
-/* free a user handle and return a pointer to the object */ -PVOID UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ) -{ - PUSER_HANDLE_ENTRY entry; +/* free a user handle */ +BOOL UserFreeHandle(PUSER_HANDLE_TABLE ht, HANDLE handle ) +{ + PUSER_HANDLE_ENTRY entry; + PVOID object;
if (!(entry = handle_to_entry( ht, handle ))) { SetLastNtError( STATUS_INVALID_HANDLE ); - return NULL; - } - - return free_user_entry(ht, entry ); + return FALSE; + } + + object = free_user_entry(ht, entry ); + + /* We removed the handle, which was a reference! */ + return UserDereferenceObject(object); + + return TRUE; }
/* return the next user handle after 'handle' that is of a given type */ @@ -284,7 +294,7 @@
PVOID FASTCALL -ObmCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size) +UserCreateObject(PUSER_HANDLE_TABLE ht, HANDLE* h,USER_OBJECT_TYPE type , ULONG size) {
HANDLE hi; @@ -303,7 +313,7 @@
RtlZeroMemory(hdr, size + sizeof(USER_OBJECT_HEADER)); hdr->hSelf = hi; - hdr->RefCount++; //temp hack! + hdr->RefCount = 2; // we need this, because we create 2 refs: handle and pointer!
if (h) *h = hi; @@ -311,7 +321,7 @@ }
BOOL FASTCALL -ObmDeleteObject(HANDLE h, USER_OBJECT_TYPE type ) +UserDeleteObject(HANDLE h, USER_OBJECT_TYPE type ) { PUSER_OBJECT_HEADER hdr; PVOID body = UserGetObject(gHandleTable, h, type); @@ -319,42 +329,45 @@ return FALSE;
hdr = USER_BODY_TO_HEADER(body); + ASSERT(hdr->RefCount >= 1); + + hdr->destroyed = TRUE; + return UserFreeHandle(gHandleTable, h); +} + + +VOID FASTCALL UserReferenceObject(PVOID obj) +{ + PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); + ASSERT(hdr->RefCount >= 0);
- hdr->destroyed = TRUE; - if (hdr->RefCount == 0) - { - UserFreeHandle(gHandleTable, h); - - memset(hdr, 0x55, sizeof(USER_OBJECT_HEADER)); - - UserHeapFree(hdr); - //ExFreePool(hdr); - return TRUE; - } - -// DPRINT1("info: something not destroyed bcause refs still left, inuse %i\n",usedHandles); - return FALSE; -} - - -VOID FASTCALL ObmReferenceObject(PVOID obj) -{ - PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); - - ASSERT(hdr->RefCount >= 0); - hdr->RefCount++; }
-HANDLE FASTCALL ObmObjectToHandle(PVOID obj) + +PVOID FASTCALL UserReferenceObjectByHandle(HANDLE handle, USER_OBJECT_TYPE type) +{ + PVOID object; + + object = UserGetObject(gHandleTable, handle, type); + if(object) + { + UserReferenceObject(object); + } + + return object; +} + + +HANDLE FASTCALL UserObjectToHandle(PVOID obj) { PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj); return hdr->hSelf; }
-BOOL FASTCALL ObmDereferenceObject2(PVOID obj) +BOOL FASTCALL UserDereferenceObject(PVOID obj) { PUSER_OBJECT_HEADER hdr = USER_BODY_TO_HEADER(obj);
@@ -363,17 +376,19 @@ hdr->RefCount--;
// You can not have a zero here! - if (!hdr->destroyed && hdr->RefCount == 0) hdr->RefCount++; // BOUNCE!!!!! + if (!hdr->destroyed && hdr->RefCount == 0) + { + hdr->RefCount++; // BOUNCE!!!!! + DPRINT1("warning! Dereference to zero without deleting!\n"); + }
if (hdr->RefCount == 0 && hdr->destroyed) { // DPRINT1("info: something destroyed bcaise of deref, in use=%i\n",usedHandles);
- UserFreeHandle(gHandleTable, hdr->hSelf); - memset(hdr, 0x55, sizeof(USER_OBJECT_HEADER));
- UserHeapFree(hdr); + return UserHeapFree(hdr); //ExFreePool(hdr);
return TRUE; @@ -384,7 +399,7 @@
-BOOL FASTCALL ObmCreateHandleTable() +BOOL FASTCALL UserCreateHandleTable() {
PVOID mem;
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/window.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c Wed Feb 13 03:46:23 2008 @@ -414,7 +414,7 @@ else co_UserFreeWindow(Child, ProcessData, ThreadData, SendMessages);
- UserDerefObject(Child); + UserDereferenceObject(Child); } } ExFreePool(Children); @@ -491,8 +491,8 @@
IntUnlinkWindow(Window);
- UserRefObject(Window); - ObmDeleteObject(Window->hSelf, otWindow); + UserReferenceObject(Window); + UserDeleteObject(Window->hSelf, otWindow);
IntDestroyScrollBars(Window);
@@ -510,7 +510,7 @@ ASSERT(Window->Wnd != NULL); UserFreeWindowInfo(Window->ti, Window);
- UserDerefObject(Window); + UserDereferenceObject(Window);
IntClipboardFreeWindow(Window);
@@ -989,7 +989,7 @@ if (WndOldOwner) { ret = WndOldOwner->hSelf; - UserDerefObject(WndOldOwner); + UserDereferenceObject(WndOldOwner); } else { @@ -1007,7 +1007,7 @@ Wnd->Wnd->Owner = NULL; }
- UserDerefObject(Wnd); + UserDereferenceObject(Wnd); return ret; }
@@ -1042,7 +1042,7 @@
WndOldParent = Wnd->Parent;
- if (WndOldParent) UserRefObject(WndOldParent); /* caller must deref */ + if (WndOldParent) UserReferenceObject(WndOldParent); /* caller must deref */
if (WndNewParent != WndOldParent) { @@ -1064,9 +1064,9 @@ } else { -// UserRefObject(InsertAfter); +// UserReferenceObject(InsertAfter); IntLinkWindow(Wnd, WndNewParent, InsertAfter /*prev sibling*/); -// UserDerefObject(InsertAfter); +// UserDereferenceObject(InsertAfter); } }
@@ -1092,7 +1092,7 @@ // { // if(!IntIsWindow(WndOldParent->hSelf)) // { -// UserDerefObject(WndOldParent); +// UserDereferenceObject(WndOldParent); // return NULL; // }
@@ -1607,7 +1607,7 @@
/* Create the window object. */ Window = (PWINDOW_OBJECT) - ObmCreateObject(gHandleTable, (PHANDLE)&hWnd, + UserCreateObject(gHandleTable, (PHANDLE)&hWnd, otWindow, sizeof(WINDOW_OBJECT)); if (Window) { @@ -1982,7 +1982,7 @@ if (!Result) { /* FIXME: Cleanup. */ - DPRINT("IntCreateWindowEx(): NCCREATE message failed.\n"); + DPRINT1("IntCreateWindowEx(): NCCREATE message failed. No cleanup performed!\n"); RETURN((HWND)0); }
@@ -2046,7 +2046,7 @@ if (Result == (LRESULT)-1) { /* FIXME: Cleanup. */ - DPRINT("IntCreateWindowEx(): send CREATE message failed.\n"); + DPRINT1("IntCreateWindowEx(): send CREATE message failed. No cleanup performed!\n"); RETURN((HWND)0); }
@@ -2166,7 +2166,11 @@ CLEANUP: if (!_ret_ && Window && Window->Wnd && ti) UserFreeWindowInfo(ti, Window); - if (Window) UserDerefObjectCo(Window); + if (Window) + { + UserDerefObjectCo(Window); + UserDereferenceObject(Window); + } if (ParentWindow) UserDerefObjectCo(ParentWindow); if (!_ret_ && ti != NULL) { @@ -2834,7 +2838,7 @@ }
//temp hack -// UserDerefObject(Parent); +// UserDereferenceObject(Parent);
WndAncestor = Parent; } @@ -2935,7 +2939,7 @@ if (!(Wnd = UserGetWindowObject(hWnd))) { RETURN( FALSE ); - } + } _SEH_TRY { if(pcbi) @@ -2958,7 +2962,7 @@ CLEANUP: DPRINT("Leave NtUserGetComboBoxInfo, ret=%i\n",_ret_); UserLeave(); - END_CLEANUP; + END_CLEANUP; }
@@ -3013,21 +3017,21 @@ { PWINDOW_OBJECT Wnd; DECLARE_RETURN(DWORD); - + DPRINT("Enter NtUserGetListBoxInfo\n"); UserEnterShared();
if (!(Wnd = UserGetWindowObject(hWnd))) { RETURN( 0 ); - } + }
RETURN( (DWORD) co_IntSendMessage( Wnd->hSelf, LB_GETLISTBOXINFO, 0, 0 ));
CLEANUP: DPRINT("Leave NtUserGetListBoxInfo, ret=%i\n",_ret_); UserLeave(); - END_CLEANUP; + END_CLEANUP; }
@@ -3081,7 +3085,7 @@ if (WndOldParent) { hWndOldParent = WndOldParent->hSelf; - UserDerefObject(WndOldParent); + UserDereferenceObject(WndOldParent); }
return( hWndOldParent); @@ -4599,7 +4603,7 @@ RETURN( NULL);
CLEANUP: - if (Window) UserDerefObject(Window); + if (Window) UserDereferenceObject(Window); if (DesktopWindow) UserDerefObjectCo(DesktopWindow);
DPRINT("Leave NtUserWindowFromPoint, ret=%i\n",_ret_);
Modified: trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntu... ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/winpos.c Wed Feb 13 03:46:23 2008 @@ -1005,14 +1005,14 @@ } if (NULL != InsertAfterWindow) { - UserRefObject(InsertAfterWindow); + UserReferenceObject(InsertAfterWindow); } } else if (WinPos.hwndInsertAfter == HWND_BOTTOM) { if(ParentWindow->LastChild) { - UserRefObject(ParentWindow->LastChild); + UserReferenceObject(ParentWindow->LastChild); InsertAfterWindow = ParentWindow->LastChild; } else @@ -1028,7 +1028,7 @@ IntLinkWindow(Window, ParentWindow, InsertAfterWindow); } if (InsertAfterWindow != NULL) - UserDerefObject(InsertAfterWindow); + UserDereferenceObject(InsertAfterWindow); if ((HWND_TOPMOST == WinPos.hwndInsertAfter) || (0 != (Window->Wnd->ExStyle & WS_EX_TOPMOST) && NULL != Window->PrevSibling @@ -1588,9 +1588,9 @@ continue; }
- if (*Window) UserDerefObject(*Window); + if (*Window) UserDereferenceObject(*Window); *Window = Current; - UserRefObject(*Window); + UserReferenceObject(*Window);
if (CurrentWnd->Style & WS_MINIMIZE) {
-
tkreuzer@svn.reactos.org