[Win32k]
authorJames Tabor <james.tabor@reactos.org>
Fri, 6 Nov 2015 09:37:30 +0000 (09:37 +0000)
committerJames Tabor <james.tabor@reactos.org>
Fri, 6 Nov 2015 09:37:30 +0000 (09:37 +0000)
- Fix a use-after-free crash in the send message timeout tests. See CORE-10482.
- Dedicated to Thomas Faber.

svn path=/trunk/; revision=69818

reactos/win32ss/user/ntuser/msgqueue.c

index 9a41964..4db88d9 100644 (file)
@@ -778,7 +778,7 @@ AllocateUserMessage(BOOL KEvent)
       KeInitializeEvent(Message->pkCompletionEvent, NotificationEvent, FALSE);
    }
    SendMsgCount++;
-   //ERR("AUM pti %p msg %p\n",PsGetCurrentThreadWin32Thread(),Message);
+   TRACE("AUM pti %p msg %p\n",PsGetCurrentThreadWin32Thread(),Message);
    return Message;
 }
 
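Review bot: The `TRACE` re-enabled just before `return Message;` prints two raw kernel pointers with `%p`, the current thread's Win32 thread info and the newly allocated message, and it does so on every call to AllocateUserMessage. Where that debug channel is enabled, the addresses of sent-message allocations end up in the debug output, and this is the object type the commit message ties to a use-after-free. The line also looks unrelated to the fix itself. If it is meant to stay, it should carry a comment such as `/* Diagnostic only: logs kernel addresses; keep at TRACE level. */` so that nobody later promotes it back to `ERR`. The start of the function is outside the hunk, so what happens when the allocation fails cannot be judged from here.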
@@ -2226,6 +2226,12 @@ MsqCleanupThreadMsgs(PTHREADINFO pti)
          else if ( pti == CurrentSentMessage->ptiSender ||
                    pti == CurrentSentMessage->ptiCallBackSender )
          {
+            // Determine whether this message is being processed or not.
+            if ((CurrentSentMessage->flags & (SMF_RECEIVERBUSY|SMF_RECEIVEDMESSAGE)) != SMF_RECEIVEDMESSAGE)
+            {
+               CurrentSentMessage->flags |= SMF_RECEIVERFREE;
+            }
+            
             if (!(CurrentSentMessage->flags & SMF_RECEIVERFREE))
             {