From 4b5eca57a313724f7b5afc42761be3180b02b05e Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Sat, 10 Oct 2015 12:08:45 +0000
Subject: [PATCH] [MSFS] Prevent a race condition on reading message from list. Spotted by Thomas
svn path=/trunk/; revision=69480
---
 reactos/drivers/filesystems/msfs/rw.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/reactos/drivers/filesystems/msfs/rw.c b/reactos/drivers/filesystems/msfs/rw.c
index a62a8597961..30e4d4dd9c1 100644
--- a/reactos/drivers/filesystems/msfs/rw.c
+++ b/reactos/drivers/filesystems/msfs/rw.c
@@ -33,6 +33,7 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
 PKTIMER Timer;
 PMSFS_DPC_CTX Context;
 PKDPC Dpc;
+ PLIST_ENTRY Entry;
 DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);
@@ -63,18 +64,15 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
 if (Fcb->MessageCount > 0)
 {
- /* copy current message into buffer */
- Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink,
- MSFS_MESSAGE,
- MessageListEntry);
+ KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
+ Entry = RemoveHeadList(&Fcb->MessageListHead);
+ KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
+ /* copy current message into buffer */
+ Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry);
 memcpy(Buffer, &Message->Buffer, min(Message->Size,Length));
 LengthRead = Message->Size;
- KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
- RemoveHeadList(&Fcb->MessageListHead);
- KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
-
 ExFreePoolWithTag(Message, 'rFsM');
 Fcb->MessageCount--;
 if (Fcb->MessageCount == 0)
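Review bot: In the second hunk the `Fcb->MessageCount > 0` test and the later `Fcb->MessageCount--` still run outside `MessageListLock`, so two readers can both pass the test while only one message is queued. `RemoveHeadList` does not check for an empty list; the second caller would get the list head back, and `CONTAINING_RECORD` would turn it into a bogus `MSFS_MESSAGE` whose `Size` then drives the `memcpy` into the caller's buffer. Decide emptiness under the lock, e.g. `Entry = IsListEmpty(&Fcb->MessageListHead) ? NULL : RemoveHeadList(&Fcb->MessageListHead);`, move `Fcb->MessageCount--` before `KeReleaseSpinLock`, and skip the copy when `Entry` is NULL. Whether the writer side updates the counter under the same lock is not visible here, and MsfsRead starts and ends outside the hunk.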