From 61021517a70c74bac33140f872bb1d2cb8f73db0 Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Fri, 20 Feb 2015 12:04:57 +0000
Subject: [PATCH] [NTOS:PS] - In PspExitThread, correctly set the ZeroInit field of the message before calling LpcRequestPort (which would otherwise complain with STATUS_INVALID_PARAMETER and fail to send the message) - In NtRegisterThreadTerminatePort, dereference the port object in case of failure, not a null pointer CORE-9234 #resolve svn path=/trunk/; revision=66369
---
 reactos/ntoskrnl/ps/kill.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/reactos/ntoskrnl/ps/kill.c b/reactos/ntoskrnl/ps/kill.c
index ab0413e6626..f2093822f14 100644
--- a/reactos/ntoskrnl/ps/kill.c
+++ b/reactos/ntoskrnl/ps/kill.c
@@ -696,11 +696,11 @@ PspExitThread(IN NTSTATUS ExitStatus)
 * port, which means that it died before being fully created. Since we
 * still have to notify an LPC Server, we'll use the exception port,
 * which we know exists. However, we need to know how far the thread
- * actually got created. We have three possibilites:
+ * actually got created. We have three possibilities:
 *
 * - NtCreateThread returned an error really early: DeadThread is set.
 * - NtCreateThread managed to create the thread: DeadThread is off.
- * - NtCreateThread was creating the thread (with Deadthread set,
+ * - NtCreateThread was creating the thread (with DeadThread set,
 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
 * is our exit code.)
 *
@@ -709,6 +709,7 @@ PspExitThread(IN NTSTATUS ExitStatus)
 */
 /* Setup the message header */
+ TerminationMsg.h.u2.ZeroInit = 0;
 TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
 TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
 TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
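Review bot: The added `TerminationMsg.h.u2.ZeroInit = 0;` only has the intended effect because it comes before the `s2.Type` assignment (the two presumably share the `u2` union), and nothing in the hunk records that ordering; a comment such as `/* Clear the whole u2 word first: Type is written into it next, and LpcRequestPort rejects the header otherwise */` would keep a later reorder from reintroducing the failure. The header is still filled in field by field, so any part of TerminationMsg that is not assigned here would be delivered to the LPC server with whatever the kernel stack held, assuming it is a local that is not zeroed earlier in PspExitThread. Zeroing the structure once up front, `RtlZeroMemory(&TerminationMsg, sizeof(TerminationMsg));`, would satisfy the ZeroInit requirement and close that disclosure risk together. PspExitThread starts and ends outside this hunk, so the declaration and any earlier initialization need to be checked there.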
@@ -1202,7 +1203,7 @@ NtTerminateProcess(IN HANDLE ProcessHandle OPTIONAL,
 if (!ExAcquireRundownProtection(&Process->RundownProtect))
 {
 /* Failed to lock, fail */
- ObDereferenceObject (Process);
+ ObDereferenceObject(Process);
 return STATUS_PROCESS_IS_TERMINATING;
 }
@@ -1372,6 +1373,6 @@ NtRegisterThreadTerminatePort(IN HANDLE PortHandle)
 }
 /* Dereference and Fail */
- ObDereferenceObject(TerminationPort);
+ ObDereferenceObject(TerminationLpcPort);
 return STATUS_INSUFFICIENT_RESOURCES;
 }
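Review bot: The failure path at the end of NtRegisterThreadTerminatePort still carries only `/* Dereference and Fail */`, which does not say which of the two near-identically named locals holds the reference; that ambiguity is what let a null pointer reach ObDereferenceObject in kernel mode. I would spell it out on the new line: `/* Allocation failed: TerminationPort is NULL here, release the reference held on the port object */`. That TerminationPort is the failed allocation is inferred from the commit message and the STATUS_INSUFFICIENT_RESOURCES return, since the allocation and the reference acquisition are outside this hunk. It is also worth confirming there that every other early return after the port is referenced releases `TerminationLpcPort`.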