Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-05 21:21:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

[WIN32SS]

Browse source 
- Do not call the driver Escape routine while holding locks on GDI objects
CORE-7727
This commit is contained in:
Jérôme Gardou 2017-10-23 20:34:02 +02:00 committed by Jérôme Gardou
parent e12763d5bc
commit 3e1a54151f
3 changed files with 117 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
win32ss/gdi/eng/pdevobj.h
View file

@ -201,4 +201,11 @@ PDEVOBJ_pdmMatchDevMode(
PPDEVOBJ ppdev, PPDEVOBJ ppdev,
PDEVMODEW pdm); PDEVMODEW pdm);
FORCEINLINE
VOID
PDEVOBJ_vReference(PPDEVOBJ ppdev)
{
InterlockedIncrement(&ppdev->cPdevRefs);
}
#endif /* !__WIN32K_PDEVOBJ_H */ #endif /* !__WIN32K_PDEVOBJ_H */

7
win32ss/gdi/eng/surface.h
View file

@ -90,6 +90,13 @@ enum _SURFACEFLAGS
/* NOTE: Use shared locks! */ /* NOTE: Use shared locks! */
#define SURFACE_ShareLockSurface(hBMObj) \ #define SURFACE_ShareLockSurface(hBMObj) \
((PSURFACE) GDIOBJ_ShareLockObj ((HGDIOBJ) hBMObj, GDI_OBJECT_TYPE_BITMAP)) ((PSURFACE) GDIOBJ_ShareLockObj ((HGDIOBJ) hBMObj, GDI_OBJECT_TYPE_BITMAP))
FORCEINLINE
VOID
SURFACE_ShareLockByPointer(PSURFACE psurf)
{
GDIOBJ_vReferenceObjectByPointer(&psurf->BaseObject);
}
#define SURFACE_UnlockSurface(pBMObj) \ #define SURFACE_UnlockSurface(pBMObj) \
GDIOBJ_vUnlockObject ((POBJ)pBMObj) GDIOBJ_vUnlockObject ((POBJ)pBMObj)
#define SURFACE_ShareUnlockSurface(pBMObj) \ #define SURFACE_ShareUnlockSurface(pBMObj) \

179
win32ss/gdi/ntgdi/print.c
View file

@ -75,43 +75,6 @@ NtGdiEscape(HDC hDC,
return ret; return ret;
} }
INT
APIENTRY
IntGdiExtEscape(
PDC dc,
INT Escape,
INT InSize,
LPCSTR InData,
INT OutSize,
LPSTR OutData)
{
SURFACE *psurf;
INT Result;
if ((dc->ppdev->DriverFunctions.Escape == NULL) ||
(dc->dclevel.pSurface == NULL))
{
Result = 0;
}
else
{
DC_vPrepareDCsForBlit(dc, NULL, NULL, NULL);
psurf = dc->dclevel.pSurface;
Result = dc->ppdev->DriverFunctions.Escape(
&psurf->SurfObj,
Escape,
InSize,
(PVOID)InData,
OutSize,
(PVOID)OutData );
DC_vFinishBlit(dc, NULL);
}
return Result;
}
INT INT
APIENTRY APIENTRY
NtGdiExtEscape( NtGdiExtEscape(
@ -124,22 +87,73 @@ NtGdiExtEscape(
INT OutSize, INT OutSize,
OPTIONAL LPSTR UnsafeOutData) OPTIONAL LPSTR UnsafeOutData)
{ {
PDC pDC;
LPVOID SafeInData = NULL; LPVOID SafeInData = NULL;
LPVOID SafeOutData = NULL; LPVOID SafeOutData = NULL;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
INT Result; INT Result;
PPDEVOBJ ppdev;
PSURFACE psurf;
if (hDC == 0) if (hDC == NULL)
{ {
hDC = UserGetWindowDC(NULL); if (pDriver)
{
/* FIXME : Get the pdev from its name */
UNIMPLEMENTED;
return -1;
}
ppdev = EngpGetPDEV(NULL);
if (!ppdev)
{
EngSetLastError(ERROR_BAD_DEVICE);
return -1;
}
/* We're using the primary surface of the pdev. Lock it */
EngAcquireSemaphore(ppdev->hsemDevLock);
psurf = ppdev->pSurface;
if (!psurf)
{
EngReleaseSemaphore(ppdev->hsemDevLock);
PDEVOBJ_vRelease(ppdev);
return 0;
}
SURFACE_ShareLockByPointer(psurf);
}
else
{
PDC pDC = DC_LockDc(hDC);
if ( pDC == NULL )
{
EngSetLastError(ERROR_INVALID_HANDLE);
return -1;
}
/* Get the PDEV from the DC */
ppdev = pDC->ppdev;
PDEVOBJ_vReference(ppdev);
/* Check if we have a surface */
psurf = pDC->dclevel.pSurface;
if (!psurf)
{
DC_UnlockDc(pDC);
PDEVOBJ_vRelease(ppdev);
return 0;
}
SURFACE_ShareLockByPointer(psurf);
/* We're done with the DC */
DC_UnlockDc(pDC);
} }
pDC = DC_LockDc(hDC); /* See if we actually have a driver function to call */
if ( pDC == NULL ) if (ppdev->DriverFunctions.Escape == NULL)
{ {
EngSetLastError(ERROR_INVALID_HANDLE); Result = 0;
return -1; goto Exit;
} }
if ( InSize && UnsafeInData ) if ( InSize && UnsafeInData )
@ -158,17 +172,16 @@ NtGdiExtEscape(
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
DC_UnlockDc(pDC); Result = -1;
SetLastNtError(Status); goto Exit;
return -1;
} }
SafeInData = ExAllocatePoolWithTag ( PagedPool, InSize, GDITAG_TEMP ); SafeInData = ExAllocatePoolWithTag ( PagedPool, InSize, GDITAG_TEMP );
if ( !SafeInData ) if ( !SafeInData )
{ {
DC_UnlockDc(pDC);
EngSetLastError(ERROR_NOT_ENOUGH_MEMORY); EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
return -1; Result = -1;
goto Exit;
} }
_SEH2_TRY _SEH2_TRY
@ -186,10 +199,9 @@ NtGdiExtEscape(
if ( !NT_SUCCESS(Status) ) if ( !NT_SUCCESS(Status) )
{ {
ExFreePoolWithTag ( SafeInData, GDITAG_TEMP );
DC_UnlockDc(pDC);
SetLastNtError(Status); SetLastNtError(Status);
return -1; Result = -1;
goto Exit;
} }
} }
@ -209,50 +221,65 @@ NtGdiExtEscape(
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
SetLastNtError(Status); SetLastNtError(Status);
goto freeout; Result = -1;
goto Exit;
} }
SafeOutData = ExAllocatePoolWithTag ( PagedPool, OutSize, GDITAG_TEMP ); SafeOutData = ExAllocatePoolWithTag ( PagedPool, OutSize, GDITAG_TEMP );
if ( !SafeOutData ) if ( !SafeOutData )
{ {
EngSetLastError(ERROR_NOT_ENOUGH_MEMORY); EngSetLastError(ERROR_NOT_ENOUGH_MEMORY);
freeout: Result = -1;
if ( SafeInData ) goto Exit;
ExFreePoolWithTag ( SafeInData, GDITAG_TEMP );
DC_UnlockDc(pDC);
return -1;
} }
} }
Result = IntGdiExtEscape ( pDC, Escape, InSize, SafeInData, OutSize, SafeOutData ); /* Finally call the driver */
Result = ppdev->DriverFunctions.Escape(
&psurf->SurfObj,
Escape,
InSize,
SafeInData,
OutSize,
SafeOutData );
DC_UnlockDc(pDC); Exit:
if (hDC == NULL)
{
EngReleaseSemaphore(ppdev->hsemDevLock);
}
SURFACE_ShareUnlockSurface(psurf);
PDEVOBJ_vRelease(ppdev);
if ( SafeInData ) if ( SafeInData )
{
ExFreePoolWithTag ( SafeInData ,GDITAG_TEMP ); ExFreePoolWithTag ( SafeInData ,GDITAG_TEMP );
}
if ( SafeOutData ) if ( SafeOutData )
{ {
_SEH2_TRY if (Result > 0)
{ {
/* Pointers were already probed! */ _SEH2_TRY
RtlCopyMemory(UnsafeOutData, {
SafeOutData, /* Pointers were already probed! */
OutSize); RtlCopyMemory(UnsafeOutData, SafeOutData, OutSize);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
if ( !NT_SUCCESS(Status) )
{
SetLastNtError(Status);
Result = -1;
}
} }
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
Status = _SEH2_GetExceptionCode();
}
_SEH2_END;
ExFreePoolWithTag ( SafeOutData, GDITAG_TEMP ); ExFreePoolWithTag ( SafeOutData, GDITAG_TEMP );
if ( !NT_SUCCESS(Status) )
{
SetLastNtError(Status);
return -1;
}
} }
return Result; return Result;