[MSFS]

Prevent a race condition on reading message from list. Spotted by Thomas svn path=/trunk/; revision=69480
2024-06-30 09:50:07 +00:00 · 2015-10-10 12:08:45 +00:00 · 2015-10-10 12:08:45 +00:00 · 4b5eca57a3
parent 7892dc54c2
commit 4b5eca57a3
1 changed files with 6 additions and 8 deletions
--- a/reactos/drivers/filesystems/msfs/rw.c
+++ b/reactos/drivers/filesystems/msfs/rw.c
@ -33,6 +33,7 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
    PKTIMER Timer;
    PMSFS_DPC_CTX Context;
    PKDPC Dpc;
+    PLIST_ENTRY Entry;

    DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);

@ -63,18 +64,15 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,

    if (Fcb->MessageCount > 0)
    {
-        /* copy current message into buffer */
-        Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink,
-                                    MSFS_MESSAGE,
-                                    MessageListEntry);
+        KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
+        Entry = RemoveHeadList(&Fcb->MessageListHead);
+        KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);

+        /* copy current message into buffer */
+        Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry);
        memcpy(Buffer, &Message->Buffer, min(Message->Size,Length));
        LengthRead = Message->Size;

-        KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
-        RemoveHeadList(&Fcb->MessageListHead);
-        KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
-
        ExFreePoolWithTag(Message, 'rFsM');
        Fcb->MessageCount--;
        if (Fcb->MessageCount == 0)