From 32f8a44f8e26b710208b61e3c3a5ab9f104ff420 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Thu, 16 Oct 2014 16:40:13 +0000
Subject: [PATCH] [NPFS] - Don't call RtlEqualUnicodeString (paged code) while holding a spin lock. Powered by Driver Verifier. svn path=/trunk/; revision=64762
---
 reactos/drivers/filesystems/npfs/waitsup.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/reactos/drivers/filesystems/npfs/waitsup.c b/reactos/drivers/filesystems/npfs/waitsup.c
index 42e15e861fc..31c9808dcab 100644
--- a/reactos/drivers/filesystems/npfs/waitsup.c
+++ b/reactos/drivers/filesystems/npfs/waitsup.c
@@ -99,6 +99,22 @@ NpInitializeWaitQueue(IN PNP_WAIT_QUEUE WaitQueue)
 KeInitializeSpinLock(&WaitQueue->WaitLock);
 }
 
+static
+BOOLEAN
+NpEqualUnicodeString(IN PCUNICODE_STRING String1,
+ IN PCUNICODE_STRING String2)
+{
+ SIZE_T EqualLength;
+
+ if (String1->Length != String2->Length)
+ return FALSE;
+
+ EqualLength = RtlCompareMemory(String1->Buffer,
+ String2->Buffer,
+ String1->Length);
+ return EqualLength == String1->Length;
+}
+
 NTSTATUS
 NTAPI
 NpCancelWaiter(IN PNP_WAIT_QUEUE WaitQueue,
@@ -156,7 +172,8 @@ NpCancelWaiter(IN PNP_WAIT_QUEUE WaitQueue,
 PipeName.MaximumLength = PipeName.Length;
 }
 
- if (RtlEqualUnicodeString(&WaitName, &PipeName, FALSE))
+ /* Can't use RtlEqualUnicodeString with a spinlock held */
+ if (NpEqualUnicodeString(&WaitName, &PipeName))
 {
 /* Found a matching wait. Cancel it */
 RemoveEntryList(&WaitIrp->Tail.Overlay.ListEntry);
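Review bot: NpEqualUnicodeString is only safe under WaitQueue->WaitLock if both String1->Buffer and String2->Buffer point to nonpaged memory, and nothing in the helper states or checks that. RtlCompareMemory may be called at any IRQL only when the compared blocks are resident, so a pageable buffer would fault at DISPATCH_LEVEL and bugcheck the system, on a path in the named pipe file system that is presumably reachable from user-mode requests. The allocation of WaitName and PipeName lies outside this diff, so this needs confirming at the call site in NpCancelWaiter (second hunk, whose body starts and ends outside the hunk). I would document the contract on the helper, for example `/* Case-sensitive compare usable at DISPATCH_LEVEL; both buffers must be in nonpaged memory */`. It is also worth checking that no alloc_text pragma in this file places the new static function in a pageable section.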