[MSFS]

Prevent a race condition on reading message from list.
Spotted by Thomas

svn path=/trunk/; revision=69480

diff --git a/reactos/drivers/filesystems/msfs/rw.c b/reactos/drivers/filesystems/msfs/rw.c
index a62a859..30e4d4d 100644 (file)
--- a/reactos/drivers/filesystems/msfs/rw.c
+++ b/reactos/drivers/filesystems/msfs/rw.c
@@ -33,6 +33,7 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
     PKTIMER Timer;
     PMSFS_DPC_CTX Context;
     PKDPC Dpc;
+    PLIST_ENTRY Entry;
 
     DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);
 
@@ -63,18 +64,15 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
 
     if (Fcb->MessageCount > 0)
     {
-        /* copy current message into buffer */
-        Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink,
-                                    MSFS_MESSAGE,
-                                    MessageListEntry);
+        KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
+        Entry = RemoveHeadList(&Fcb->MessageListHead);
+        KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
 
+        /* copy current message into buffer */
+        Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry);
         memcpy(Buffer, &Message->Buffer, min(Message->Size,Length));
         LengthRead = Message->Size;
 
-        KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
-        RemoveHeadList(&Fcb->MessageListHead);
-        KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
-
         ExFreePoolWithTag(Message, 'rFsM');
         Fcb->MessageCount--;
         if (Fcb->MessageCount == 0)