[NtUser] - Prevent a crash when Tcb.Win32Thread NULL.

svn path=/trunk/; revision=57082

diff --git a/reactos/win32ss/user/ntuser/main.c b/reactos/win32ss/user/ntuser/main.c
index 75b46da..084b417 100644 (file)
--- a/reactos/win32ss/user/ntuser/main.c
+++ b/reactos/win32ss/user/ntuser/main.c
@@ -490,9 +490,9 @@ UserDestroyThreadInfo(struct _ETHREAD *Thread)
     }
 
     /* Free the message queue */
-    if(ptiCurrent->MessageQueue)
+    if (ptiCurrent->MessageQueue)
     {
-       MsqDestroyMessageQueue(ptiCurrent->MessageQueue);
+       MsqDestroyMessageQueue(ptiCurrent);
     }
 
     /* Find the THREADINFO in the PROCESSINFO's list */

diff --git a/reactos/win32ss/user/ntuser/msgqueue.c b/reactos/win32ss/user/ntuser/msgqueue.c
index 233a7e3..2e6329f 100644 (file)
--- a/reactos/win32ss/user/ntuser/msgqueue.c
+++ b/reactos/win32ss/user/ntuser/msgqueue.c
@@ -1902,15 +1902,14 @@ MsqInitializeMessageQueue(struct _ETHREAD *Thread, PUSER_MESSAGE_QUEUE MessageQu
 }
 
 VOID FASTCALL
-MsqCleanupMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
+MsqCleanupMessageQueue(PTHREADINFO pti)
 {
+   PUSER_MESSAGE_QUEUE MessageQueue;
    PLIST_ENTRY CurrentEntry;
    PUSER_MESSAGE CurrentMessage;
    PUSER_SENT_MESSAGE CurrentSentMessage;
-   PTHREADINFO pti;
-
-   pti = MessageQueue->Thread->Tcb.Win32Thread;
 
+   MessageQueue = pti->MessageQueue;
 
    /* cleanup posted messages */
    while (!IsListEmpty(&MessageQueue->PostedMessagesListHead))
@@ -2026,7 +2025,7 @@ MsqCleanupMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
    }
 
    // Clear it all out.
-   if(pti->pcti)
+   if (pti->pcti)
    {
        pti->pcti->fsWakeBits = 0;
        pti->pcti->fsChangeBits = 0;
@@ -2059,7 +2058,6 @@ MsqCleanupMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
 
        UserDereferenceObject(pCursor);
    }
-
 }
 
 PUSER_MESSAGE_QUEUE FASTCALL
@@ -2090,9 +2088,10 @@ MsqCreateMessageQueue(struct _ETHREAD *Thread)
 }
 
 VOID FASTCALL
-MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
+MsqDestroyMessageQueue(PTHREADINFO pti)
 {
    PDESKTOP desk;
+   PUSER_MESSAGE_QUEUE MessageQueue = pti->MessageQueue;
 
    MessageQueue->QF_flags |= QF_INDESTROY;
 
@@ -2104,7 +2103,7 @@ MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue)
    }
 
    /* clean it up */
-   MsqCleanupMessageQueue(MessageQueue);
+   MsqCleanupMessageQueue(pti);
 
    if (MessageQueue->NewMessagesHandle != NULL)
       ZwClose(MessageQueue->NewMessagesHandle);

diff --git a/reactos/win32ss/user/ntuser/msgqueue.h b/reactos/win32ss/user/ntuser/msgqueue.h
index 0cc4a01..9130136 100644 (file)
--- a/reactos/win32ss/user/ntuser/msgqueue.h
+++ b/reactos/win32ss/user/ntuser/msgqueue.h
@@ -50,6 +50,7 @@ typedef struct _USER_MESSAGE_QUEUE
   /* Reference counter, only access this variable with interlocked functions! */
   LONG References;
 
+  PTHREADINFO ptiSysLock;
   /* Owner of the message queue */
   struct _ETHREAD *Thread;
   /* Queue of messages sent to the queue. */
@@ -182,7 +183,7 @@ co_MsqPeekMouseMove(IN PUSER_MESSAGE_QUEUE MessageQueue,
                     OUT MSG* pMsg);
 BOOLEAN FASTCALL MsqInitializeMessageQueue(struct _ETHREAD *Thread, PUSER_MESSAGE_QUEUE MessageQueue);
 PUSER_MESSAGE_QUEUE FASTCALL MsqCreateMessageQueue(struct _ETHREAD *Thread);
-VOID FASTCALL MsqDestroyMessageQueue(PUSER_MESSAGE_QUEUE MessageQueue);
+VOID FASTCALL MsqDestroyMessageQueue(PTHREADINFO);
 INIT_FUNCTION NTSTATUS NTAPI MsqInitializeImpl(VOID);
 BOOLEAN FASTCALL co_MsqDispatchOneSentMessage(PUSER_MESSAGE_QUEUE MessageQueue);
 NTSTATUS FASTCALL