Author: jimtabor Date: Thu Aug 16 02:11:11 2012 New Revision: 57082 URL: http://svn.reactos.org/svn/reactos?rev=57082&view=rev Log: [NtUser] - Prevent a crash when Tcb.Win32Thread NULL. Modified: trunk/reactos/win32ss/user/ntuser/main.c trunk/reactos/win32ss/user/ntuser/msgqueue.c trunk/reactos/win32ss/user/ntuser/msgqueue.h Modified: trunk/reactos/win32ss/user/ntuser/main.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/main.c… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/main.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/main.c [iso-8859-1] Thu Aug 16 02:11:11 2012 @@ -490,9 +490,9 @@ } /* Free the message queue */ - if(ptiCurrent->MessageQueue) - { - MsqDestroyMessageQueue(ptiCurrent->MessageQueue); + if (ptiCurrent->MessageQueue) + { + MsqDestroyMessageQueue(ptiCurrent); } /* Find the THREADINFO in the PROCESSINFO's list */ Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgque… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/msgqueue.c [iso-8859-1] Thu Aug 16 02:11:11 2012 @@ -1902,15 +1902,14 @@ } VOID FASTCALL -MsqCleanupMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue) -{ +MsqCleanupMessageQueue(PTHREADINFO pti) +{ + PUSER_MESSAGE_QUEUE MessageQueue; PLIST_ENTRY CurrentEntry; PUSER_MESSAGE CurrentMessage; PUSER_SENT_MESSAGE CurrentSentMessage; - PTHREADINFO pti; - - pti = MessageQueue->Thread->Tcb.Win32Thread; - + + MessageQueue = pti->MessageQueue; /* cleanup posted messages */ while (!IsListEmpty(&MessageQueue->PostedMessagesListHead)) @@ -2026,7 +2025,7 @@ } // Clear it all out. - if(pti->pcti) + if (pti->pcti) { pti->pcti->fsWakeBits = 0; pti->pcti->fsChangeBits = 0; @@ -2059,7 +2058,6 @@ UserDereferenceObject(pCursor); } - } PUSER_MESSAGE_QUEUE FASTCALL @@ -2090,9 +2088,10 @@ } VOID FASTCALL -MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue) +MsqDestroyMessageQueue(PTHREADINFO pti) { PDESKTOP desk; + PUSER_MESSAGE_QUEUE MessageQueue = pti->MessageQueue; MessageQueue->QF_flags |= QF_INDESTROY; @@ -2104,7 +2103,7 @@ } /* clean it up */ - MsqCleanupMessageQueue(MessageQueue); + MsqCleanupMessageQueue(pti); if (MessageQueue->NewMessagesHandle != NULL) ZwClose(MessageQueue->NewMessagesHandle); Modified: trunk/reactos/win32ss/user/ntuser/msgqueue.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/msgque… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/msgqueue.h [iso-8859-1] Thu Aug 16 02:11:11 2012 @@ -50,6 +50,7 @@ /* Reference counter, only access this variable with interlocked functions! */ LONG References; + PTHREADINFO ptiSysLock; /* Owner of the message queue */ struct _ETHREAD *Thread; /* Queue of messages sent to the queue. */ @@ -182,7 +183,7 @@ OUT MSG* pMsg); BOOLEAN FASTCALL MsqInitializeMessageQueue(struct _ETHREAD *Thread, PUSER_MESSAGE_QUEUE MessageQueue); PUSER_MESSAGE_QUEUE FASTCALL MsqCreateMessageQueue(struct _ETHREAD *Thread); -VOID FASTCALL MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue); +VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO); INIT_FUNCTION NTSTATUS NTAPI MsqInitializeImpl(VOID); BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue); NTSTATUS FASTCALL