projects / reactos.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ec86c24)
[WIN23K]
authorTimo Kreuzer <timo.kreuzer@reactos.org>
Wed, 12 Aug 2015 10:34:05 +0000 (10:34 +0000)
committerTimo Kreuzer <timo.kreuzer@reactos.org>
Wed, 12 Aug 2015 10:34:05 +0000 (10:34 +0000)
Make sure to attach to the specified process before dereferencing ClientInfo, which is a user mode structure.
CORE-l0017 #resolve

svn path=/trunk/; revision=68702

reactos/win32ss/user/ntuser/message.c patch | blob | history

diff --git a/reactos/win32ss/user/ntuser/message.c b/reactos/win32ss/user/ntuser/message.c
index f2929f3..6b21310 100644 (file)
--- a/reactos/win32ss/user/ntuser/message.c
+++ b/reactos/win32ss/user/ntuser/message.c
@@ -2870,6 +2870,7 @@ NtUserWaitForInputIdle( IN HANDLE hProcess,
     NTSTATUS Status;
     HANDLE Handles[3];
     LARGE_INTEGER Timeout;
+    KAPC_STATE ApcState;
 
     UserEnterExclusive();
 
@@ -2915,6 +2916,8 @@ NtUserWaitForInputIdle( IN HANDLE hProcess,
     if (dwMilliseconds != INFINITE)
        Timeout.QuadPart = (LONGLONG) dwMilliseconds * (LONGLONG) -10000;
 
+    KeStackAttachProcess(&Process->Pcb, &ApcState);
+
     W32Process->W32PF_flags |= W32PF_WAITFORINPUTIDLE;
     for (pti = W32Process->ptiList; pti; pti = pti->ptiSibling)
     {
@@ -2922,6 +2925,8 @@ NtUserWaitForInputIdle( IN HANDLE hProcess,
        pti->pClientInfo->dwTIFlags = pti->TIF_flags;
     }
 
+    KeUnstackDetachProcess(&ApcState);
+
     TRACE("WFII: ppi %p\n", W32Process);
     TRACE("WFII: waiting for %p\n", Handles[1] );
 
A free Windows-compatible Operating System