https://git.reactos.org/?p=reactos.git;a=commitdiff;h=c7e4c3a8e9d921233c173…
commit c7e4c3a8e9d921233c1731ef64c388ed40b15fcb
Author: Thamatip Chitpong <tangaming123456(a)outlook.com>
AuthorDate: Mon Jul 3 00:30:30 2023 +0700
Commit: GitHub <noreply(a)github.com>
CommitDate: Sun Jul 2 20:30:30 2023 +0300
[NTUSER] NtUserWaitForInputIdle: Fix unhandled exception BSOD 0x1E (#5391)
Fix CLIENTINFO usermode pointer access once again.
Based on a patch by Michael Fritscher from CORE-10017.
Addendum to 705228250741da (r68702).
CORE-18728 CORE-19014
---
win32ss/user/ntuser/message.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/win32ss/user/ntuser/message.c b/win32ss/user/ntuser/message.c
index 2d6164e7c7c..fbee45fec6b 100644
--- a/win32ss/user/ntuser/message.c
+++ b/win32ss/user/ntuser/message.c
@@ -3110,14 +3110,12 @@ NtUserWaitForInputIdle( IN HANDLE hProcess,
Timeout.QuadPart = (LONGLONG) dwMilliseconds * (LONGLONG) -10000;
KeStackAttachProcess(&Process->Pcb, &ApcState);
-
W32Process->W32PF_flags |= W32PF_WAITFORINPUTIDLE;
for (pti = W32Process->ptiList; pti; pti = pti->ptiSibling)
{
pti->TIF_flags |= TIF_WAITFORINPUTIDLE;
pti->pClientInfo->dwTIFlags = pti->TIF_flags;
}
-
KeUnstackDetachProcess(&ApcState);
TRACE("WFII: ppi %p\n", W32Process);
@@ -3176,12 +3174,15 @@ NtUserWaitForInputIdle( IN HANDLE hProcess,
while (TRUE);
WaitExit:
+ KeStackAttachProcess(&Process->Pcb, &ApcState);
for (pti = W32Process->ptiList; pti; pti = pti->ptiSibling)
{
pti->TIF_flags &= ~TIF_WAITFORINPUTIDLE;
pti->pClientInfo->dwTIFlags = pti->TIF_flags;
}
W32Process->W32PF_flags &= ~W32PF_WAITFORINPUTIDLE;
+ KeUnstackDetachProcess(&ApcState);
+
IntDereferenceProcessInfo(W32Process);
ObDereferenceObject(Process);
UserLeave();
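Review bot: The store `pti->pClientInfo->dwTIFlags = pti->TIF_flags;` in the WaitExit loop still writes to a user-mode address without an SEH guard, so attaching to the process selects the right address space but does not stop a fault on that page from becoming an unhandled kernel exception. The commit message describes CLIENTINFO as a usermode pointer, so the target process can presumably unmap or re-protect that memory while the wait is in progress. Wrapping only the user-mode store in `_SEH2_TRY`/`_SEH2_EXCEPT` keeps the kernel-side `TIF_flags` update unconditional, and the same unguarded store sits in the set loop of the first hunk. The function body starts and ends outside the hunk, so an enclosing guard cannot be ruled out from here.

```c
    for (pti = W32Process->ptiList; pti; pti = pti->ptiSibling)
    {
        pti->TIF_flags &= ~TIF_WAITFORINPUTIDLE;
        /* pClientInfo is user-mode memory: a fault here must not bugcheck */
        _SEH2_TRY
        {
            pti->pClientInfo->dwTIFlags = pti->TIF_flags;
        }
        _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
        {
            /* Kernel copy in TIF_flags is already updated; skip the mirror */
        }
        _SEH2_END;
    }
    /* … unchanged: W32PF_flags clear, detach, dereferences … */
```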