Author: jimtabor Date: Thu Aug 16 02:11:11 2012 New Revision: 57082
URL: http://svn.reactos.org/svn/reactos?rev=57082&view=rev Log: [NtUser] - Prevent a crash when Tcb.Win32Thread NULL.
Modified: trunk/reactos/win32ss/user/ntuser/main.c trunk/reactos/win32ss/user/ntuser/msgqueue.c trunk/reactos/win32ss/user/ntuser/msgqueue.h
Modified: trunk/reactos/win32ss/user/ntuser/main.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/main.c?...
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/main.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/main.c [iso-8859-1] Thu Aug 16 02:11:11 2012
@@ -490,9 +490,9 @@
 }
/* Free the message queue */
- if(ptiCurrent->MessageQueue)
- {
- MsqDestroyMessageQueue(ptiCurrent->MessageQueue);
+ if (ptiCurrent->MessageQueue)
+ {
+ MsqDestroyMessageQueue(ptiCurrent);
 }
/* Find the THREADINFO in the PROCESSINFO's list */
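Review bot: After `MsqDestroyMessageQueue(ptiCurrent);` the `if` block closes without resetting `ptiCurrent->MessageQueue`, so within this hunk the THREADINFO still points at a queue that has just been through its destroy path. Whether the queue memory is actually released at that point is not visible here, but a stale pointer left on a thread object in kernel mode is worth closing off. Now that the callee receives the THREADINFO it could detach the queue itself; otherwise, if no later teardown step reads the field, add `ptiCurrent->MessageQueue = NULL;` directly after the call. The enclosing function starts and ends outside the hunk.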
Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgqueu...
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] Thu Aug 16 02:11:11 2012
@@ -1902,15 +1902,14 @@
 }
VOID FASTCALL
-MsqCleanupMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
-{
+MsqCleanupMessageQueue(PTHREADINFO pti)
+{
+ PUSER_MESSAGE_QUEUE MessageQueue;
 PLIST_ENTRY CurrentEntry;
 PUSER_MESSAGE CurrentMessage;
 PUSER_SENT_MESSAGE CurrentSentMessage;
- PTHREADINFO pti;
-
- pti = MessageQueue->Thread->Tcb.Win32Thread;
-
+
+ MessageQueue = pti->MessageQueue;
/* cleanup posted messages */
 while (!IsListEmpty(&MessageQueue->PostedMessagesListHead))
@@ -2026,7 +2025,7 @@
 }
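Review bot: `MessageQueue = pti->MessageQueue;` is dereferenced by the very next statement, `IsListEmpty(&MessageQueue->PostedMessagesListHead)`, with no check on `pti` or on the queue, so the NULL dereference this commit removes from `Tcb.Win32Thread` is replaced by an unstated caller-side precondition. The `MsqDestroyMessageQueue` hunk (`@@ -2090,9 +2088,10 @@`) has the same shape: it loads `pti->MessageQueue` and immediately writes `MessageQueue->QF_flags`. A NULL here is a kernel-mode fault, so make the contract explicit at the top of both functions, e.g. `ASSERT(pti != NULL && pti->MessageQueue != NULL);`, or return early if a thread without a queue is a legitimate state during teardown. The body of MsqCleanupMessageQueue continues outside the hunk.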
// Clear it all out.
- if(pti->pcti)
+ if (pti->pcti)
 {
 pti->pcti->fsWakeBits = 0;
 pti->pcti->fsChangeBits = 0;
@@ -2059,7 +2058,6 @@
UserDereferenceObject(pCursor);
 }
-
 }
PUSER_MESSAGE_QUEUE FASTCALL
@@ -2090,9 +2088,10 @@
 }
VOID FASTCALL
-MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
+MsqDestroyMessageQueue(PTHREADINFO pti)
 {
 PDESKTOP desk;
+ PUSER_MESSAGE_QUEUE MessageQueue = pti->MessageQueue;
MessageQueue->QF_flags |= QF_INDESTROY;
@@ -2104,7 +2103,7 @@
 }
/* clean it up */
- MsqCleanupMessageQueue(MessageQueue);
+ MsqCleanupMessageQueue(pti);
if (MessageQueue->NewMessagesHandle != NULL)
 ZwClose(MessageQueue->NewMessagesHandle);
Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgqueu...
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] Thu Aug 16 02:11:11 2012
@@ -50,6 +50,7 @@
 /* Reference counter, only access this variable with interlocked functions! */
 LONG References;
+ PTHREADINFO ptiSysLock;
 /* Owner of the message queue */
 struct _ETHREAD *Thread;
 /* Queue of messages sent to the queue. */
@@ -182,7 +183,7 @@
 OUT MSG* pMsg);
 BOOLEAN FASTCALL MsqInitializeMessageQueue(struct _ETHREAD *Thread, PUSER_MESSAGE_QUEUE MessageQueue);
 PUSER_MESSAGE_QUEUE FASTCALL MsqCreateMessageQueue(struct _ETHREAD *Thread);
-VOID FASTCALL MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue);
+VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO);
 INIT_FUNCTION NTSTATUS NTAPI MsqInitializeImpl(VOID);
 BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue);
 NTSTATUS FASTCALL
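Review bot: The new `ptiSysLock` member in the `@@ -50,6 +50,7 @@` hunk has no comment and is neither read nor written by any hunk in this commit, while the fields around it are each documented. A raw `PTHREADINFO` stored inside a queue needs a stated lifetime rule, namely who sets it and who clears it when that thread exits, because otherwise the queue can end up holding a pointer to a THREADINFO that no longer exists. Whether the queue allocation is zeroed so that the field starts out NULL is not visible here. At minimum add a comment such as `/* TODO: document purpose; must be cleared before the referenced THREADINFO is freed */`, and consider landing the field together with the code that uses it.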
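Review bot: The updated prototype `VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO);` in the `@@ -182,7 +183,7 @@` hunk drops the parameter name, unlike the declarations around it; `VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO pti);` keeps the header self-describing. Since the argument changed from one pointer type to another, a caller that still passes a `PUSER_MESSAGE_QUEUE` would typically be flagged only as an incompatible-pointer warning and would hand the callee the wrong structure to dereference. Only the main.c call site is updated in this commit, so it is worth confirming there are no other callers, or building with that warning promoted to an error.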