Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-06-20 06:45:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MSFS]

Browse source 
Prevent a race condition on reading message from list.
Spotted by Thomas

svn path=/trunk/; revision=69480
This commit is contained in:
Pierre Schweitzer 2015-10-10 12:08:45 +00:00
parent 7892dc54c2
commit 4b5eca57a3
1 changed files with 6 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

14
reactos/drivers/filesystems/msfs/rw.c
View file

@ -33,6 +33,7 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
PKTIMER Timer; PKTIMER Timer;
PMSFS_DPC_CTX Context; PMSFS_DPC_CTX Context;
PKDPC Dpc; PKDPC Dpc;
PLIST_ENTRY Entry;
DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp); DPRINT("MsfsRead(DeviceObject %p Irp %p)\n", DeviceObject, Irp);
@ -63,18 +64,15 @@ MsfsRead(PDEVICE_OBJECT DeviceObject,
if (Fcb->MessageCount > 0) if (Fcb->MessageCount > 0)
{ {
/* copy current message into buffer */ KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
Message = CONTAINING_RECORD(Fcb->MessageListHead.Flink, Entry = RemoveHeadList(&Fcb->MessageListHead);
MSFS_MESSAGE, KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
MessageListEntry);
/* copy current message into buffer */
Message = CONTAINING_RECORD(Entry, MSFS_MESSAGE, MessageListEntry);
memcpy(Buffer, &Message->Buffer, min(Message->Size,Length)); memcpy(Buffer, &Message->Buffer, min(Message->Size,Length));
LengthRead = Message->Size; LengthRead = Message->Size;
KeAcquireSpinLock(&Fcb->MessageListLock, &oldIrql);
RemoveHeadList(&Fcb->MessageListHead);
KeReleaseSpinLock(&Fcb->MessageListLock, oldIrql);
ExFreePoolWithTag(Message, 'rFsM'); ExFreePoolWithTag(Message, 'rFsM');
Fcb->MessageCount--; Fcb->MessageCount--;
if (Fcb->MessageCount == 0) if (Fcb->MessageCount == 0)