projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 6de65dd)
[RTL]
authorThomas Faber <thomas.faber@reactos.org>
Sat, 15 Apr 2017 17:39:49 +0000 (17:39 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Sat, 15 Apr 2017 17:39:49 +0000 (17:39 +0000)
- In Wait_thread_proc, prioritize the cancel event over the wait object. This avoids executing the callback again after RtlDeregisterWait has been called.
Fixes ThemeStartCallback being called twice, causing a double free.
CORE-13074 #resolve

svn path=/trunk/; revision=74318

reactos/sdk/lib/rtl/wait.c patch | blob | history

diff --git a/reactos/sdk/lib/rtl/wait.c b/reactos/sdk/lib/rtl/wait.c
index 3dc1c2a..5cecf6c 100644 (file)
--- a/reactos/sdk/lib/rtl/wait.c
+++ b/reactos/sdk/lib/rtl/wait.c
@@ -45,7 +45,7 @@ Wait_thread_proc(LPVOID Arg)
     PRTLP_WAIT Wait = (PRTLP_WAIT) Arg;
     NTSTATUS Status;
     BOOLEAN alertable = (Wait->Flags & WT_EXECUTEINIOTHREAD) != 0;
-    HANDLE handles[2] = { Wait->Object, Wait->CancelEvent };
+    HANDLE handles[2] = { Wait->CancelEvent, Wait->Object };
     LARGE_INTEGER timeout;
     HANDLE completion_event;
 
@@ -59,11 +59,11 @@ Wait_thread_proc(LPVOID Arg)
                                            alertable,
                                            get_nt_timeout( &timeout, Wait->Milliseconds ) );
 
-        if (Status == STATUS_WAIT_0 || Status == STATUS_TIMEOUT)
+        if (Status == STATUS_WAIT_1 || Status == STATUS_TIMEOUT)
         {
             BOOLEAN TimerOrWaitFired;
 
-            if (Status == STATUS_WAIT_0)
+            if (Status == STATUS_WAIT_1)
             {
    //             TRACE( "object %p signaled, calling callback %p with context %p\n",
    //                 Wait->Object, Wait->Callback,
A free Windows-compatible Operating System