https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8e8f61989ae86ca0eeb7b… commit 8e8f61989ae86ca0eeb7b7a50218f1533ae03bf3 Author: Katayama Hirofumi MZ <katayama.hirofumi.mz(a)gmail.com> AuthorDate: Wed Jan 5 08:15:32 2022 +0900 Commit: GitHub <noreply(a)github.com> CommitDate: Wed Jan 5 08:15:32 2022 +0900 [NTUSER] Plan A: UserDereferenceObject in UserCreateInputContext (#4247) - Call UserDereferenceObject function in UserCreateInputContext. - Don't call UserDereferenceObject against input context at the other places. CORE-11700 --- win32ss/user/ntuser/main.c | 6 +----- win32ss/user/ntuser/ntstubs.c | 11 +++++++---- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/win32ss/user/ntuser/main.c b/win32ss/user/ntuser/main.c index fd2eed2aa79..46364a10089 100644 --- a/win32ss/user/ntuser/main.c +++ b/win32ss/user/ntuser/main.c @@ -654,11 +654,7 @@ InitThreadCallback(PETHREAD Thread) /* Create the default input context */ if (IS_IMM_MODE()) { - PIMC pIMC = UserCreateInputContext(0); - if (pIMC) - { - UserDereferenceObject(pIMC); - } + (VOID)UserCreateInputContext(0); } /* Last things to do only if we are not a SYSTEM or CSRSS thread */ diff --git a/win32ss/user/ntuser/ntstubs.c b/win32ss/user/ntuser/ntstubs.c index 015f8e30650..09b9473756a 100644 --- a/win32ss/user/ntuser/ntstubs.c +++ b/win32ss/user/ntuser/ntstubs.c @@ -482,6 +482,9 @@ PIMC FASTCALL UserCreateInputContext(ULONG_PTR dwClientImcData) if (!pIMC) return NULL; + // Release the extra reference (UserCreateObject added 2 references). + UserDereferenceObject(pIMC); + if (dwClientImcData) // Non-first time. { // Insert pIMC to the second position (non-default) of the list. @@ -506,17 +509,17 @@ NtUserCreateInputContext(ULONG_PTR dwClientImcData) PIMC pIMC; HIMC ret = NULL; + if (!dwClientImcData) + return NULL; + UserEnterExclusive(); - if (!IS_IMM_MODE() || !dwClientImcData) + if (!IS_IMM_MODE()) goto Quit; pIMC = UserCreateInputContext(dwClientImcData); if (pIMC) - { ret = UserHMGetHandle(pIMC); - UserDereferenceObject(pIMC); - } Quit: UserLeave();