From ad10829f1d2d0cf8618b943833d904da862eec10 Mon Sep 17 00:00:00 2001
From: Alex Ionescu
Date: Wed, 11 Jan 2006 20:16:29 +0000
Subject: [PATCH] - Fix probably one of the most devastating hidden ROS bugs currently in trunk. KWAIT_BLOCK's WaitType was defined as USHORT instead of UCHAR, causing a KeWaitForMultipleObjects of 2 or more objects to overwrite the Thread's PreviousMode (an effect of this is that 99% of user-mode callbacks from win32k were being done with the mode set to Kernel-Mode instead of UserMode). A KeWaitForMultipleObjects of 3 or more objects, or the timer object itself in some cases would cause this conflict to occur with the ResourceIndex member, potentially corrupting the ERESOURCE owner table in my updated implementation. svn path=/trunk/; revision=20788
---
 reactos/w32api/include/ddk/winddk.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/reactos/w32api/include/ddk/winddk.h b/reactos/w32api/include/ddk/winddk.h
index d86452a594a..2d3ac42636b 100644
--- a/reactos/w32api/include/ddk/winddk.h
+++ b/reactos/w32api/include/ddk/winddk.h
@@ -4118,7 +4118,8 @@ typedef struct _KWAIT_BLOCK {
   PVOID Object;
   struct _KWAIT_BLOCK * RESTRICTED_POINTER NextWaitBlock;
   USHORT WaitKey;
-  USHORT WaitType;
+  UCHAR WaitType;
+  UCHAR SpareByte;
 } KWAIT_BLOCK, *PKWAIT_BLOCK, *RESTRICTED_POINTER PRKWAIT_BLOCK;
 
typedef struct _IO_REMOVE_LOCK_TRACKING_BLOCK * PIO_REMOVE_LOCK_TRACKING_BLOCK;
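Review bot: The new `UCHAR WaitType; UCHAR SpareByte;` pair restores the intended layout, but nothing in the header pins it, so the same silent overlap with whatever follows the block (which the description says clobbered PreviousMode and ResourceIndex) can regress the next time someone edits this struct. Since the description states kernel code depends on this typedef matching the native KWAIT_BLOCK layout, I would add a compile-time guard right after the typedef, e.g. `C_ASSERT(FIELD_OFFSET(KWAIT_BLOCK, SpareByte) == FIELD_OFFSET(KWAIT_BLOCK, WaitType) + 1);` plus a `sizeof(KWAIT_BLOCK)` assertion against the native size for the target architecture, assuming `C_ASSERT` and `FIELD_OFFSET` are defined earlier in winddk.h (not visible in this hunk). A one-line comment on the new field, such as `/* Pads WaitType to the USHORT slot of the native layout; do not widen WaitType */`, would record why the byte exists so it is not "cleaned up" later. The security angle deserves a mention in that comment as well: per the commit message, the old width let a multi-object wait overwrite the thread's PreviousMode, the value the kernel uses to decide whether user buffers must be probed, so a layout slip here is a privilege boundary bug rather than a cosmetic one. The `_KWAIT_BLOCK` typedef begins before this hunk, so the earlier members are not visible here.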