Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-06-11 06:55:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

[WIN32K] Prevent dereferencing NULL pointer

Browse source 
Initialize a window's ThreadListEntry as an empty list on creation and only remove the window from the list on destruction, when the entry is not an empty list. Previously the window creation could fail before the list entry was initialized and the window would get destroyed after that, resulting in a NULL pointer dereference.
This commit is contained in:
Timo Kreuzer 2023-08-18 08:35:59 +03:00
parent 41c99aa60a
commit 4661bc006d
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
win32ss/user/ntuser/window.c
View file

@ -596,7 +596,8 @@ LRESULT co_UserFreeWindow(PWND Window,
/* remove the window already at this point from the thread window list so we
don't get into trouble when destroying the thread windows while we're still
in co_UserFreeWindow() */
RemoveEntryList(&Window->ThreadListEntry);
if (!IsListEmpty(&Window->ThreadListEntry))
RemoveEntryList(&Window->ThreadListEntry);
BelongsToThreadData = IntWndBelongsToThread(Window, ThreadData);
@ -1917,6 +1918,7 @@ PWND FASTCALL IntCreateWindow(CREATESTRUCTW* Cs,
pWnd->HideAccel = pWnd->spwndParent->HideAccel;
}
InitializeListHead(&pWnd->ThreadListEntry);
pWnd->head.pti->cWindows++;
if (Class->spicn && !Class->spicnSm)