- Make console handles start at 3, not 7.

- Make CsrGetObject increment the ref count to prevent objects from being deleted while in use. Add CsrReleaseObjectByPointer calls where necessary. svn path=/trunk/; revision=34652
2025-02-25 01:39:30 +00:00 · 2008-07-22 00:33:42 +00:00 · 2008-07-22 00:33:42 +00:00 · c688052ea5
commit c688052ea5
parent ff907c5360
7 changed files with 30 additions and 11 deletions
--- a/reactos/subsystems/win32/csrss/api/handle.c
+++ b/reactos/subsystems/win32/csrss/api/handle.c
@ -63,21 +63,25 @@ CsrRegisterObjectDefinitions(PCSRSS_OBJECT_DEFINITION NewDefinitions)

 NTSTATUS STDCALL CsrGetObject( PCSRSS_PROCESS_DATA ProcessData, HANDLE Handle, Object_t **Object )
 {
-  ULONG h = (((ULONG)Handle) >> 2) - 1;
+  ULONG h = (ULONG)Handle >> 2;
  DPRINT("CsrGetObject, Object: %x, %x, %x\n", Object, Handle, ProcessData ? ProcessData->HandleTableSize : 0);

  if (ProcessData == NULL)
    {
      return STATUS_INVALID_PARAMETER;
    }
-  if (!CsrIsConsoleHandle(Handle) || ProcessData->HandleTableSize <= h)
+  RtlEnterCriticalSection(&ProcessData->HandleTableLock);
+  if (!CsrIsConsoleHandle(Handle) || h >= ProcessData->HandleTableSize
+      || (*Object = ProcessData->HandleTable[h]) == NULL)
    {
      DPRINT1("CsrGetObject returning invalid handle (%x)\n", Handle);
+      RtlLeaveCriticalSection(&ProcessData->HandleTableLock);
      return STATUS_INVALID_HANDLE;
    }
-  *Object = ProcessData->HandleTable[h];
+  _InterlockedIncrement(&(*Object)->ReferenceCount);
+  RtlLeaveCriticalSection(&ProcessData->HandleTableLock);
  //   DbgPrint( "CsrGetObject returning\n" );
-  return *Object ? STATUS_SUCCESS : STATUS_INVALID_HANDLE;
+  return STATUS_SUCCESS;
 }


@ -114,7 +118,7 @@ NTSTATUS STDCALL
 CsrReleaseObject(PCSRSS_PROCESS_DATA ProcessData,
                 HANDLE Handle)
 {
-  ULONG h = (((ULONG)Handle) >> 2) - 1;
+  ULONG h = (ULONG)Handle >> 2;
  Object_t *Object;

  if (ProcessData == NULL)
@ -171,7 +175,7 @@ NTSTATUS STDCALL CsrInsertObject( PCSRSS_PROCESS_DATA ProcessData, PHANDLE Handl
       ProcessData->HandleTableSize += 64;
     }
   ProcessData->HandleTable[i] = Object;
-   *Handle = (HANDLE)(((i + 1) << 2) | 0x3);
+   *Handle = (HANDLE)((i << 2) | 0x3);
   _InterlockedIncrement( &Object->ReferenceCount );
   RtlLeaveCriticalSection(&ProcessData->HandleTableLock);
   return(STATUS_SUCCESS);
@ -216,7 +220,7 @@ NTSTATUS STDCALL CsrDuplicateHandleTable(PCSRSS_PROCESS_DATA SourceProcessData,

 NTSTATUS STDCALL CsrVerifyObject( PCSRSS_PROCESS_DATA ProcessData, HANDLE Handle )
 {
-  ULONG h = (((ULONG)Handle) >> 2) - 1;
+  ULONG h = (ULONG)Handle >> 2;

  if (ProcessData == NULL)
    {
--- a/reactos/subsystems/win32/csrss/api/process.c
+++ b/reactos/subsystems/win32/csrss/api/process.c
@ -160,7 +160,7 @@ NTSTATUS STDCALL CsrFreeProcessData(HANDLE Pid)
            {
              if (pProcessData->HandleTable[c])
                {
-                  CsrReleaseObject(pProcessData, (HANDLE)(((c + 1) << 2)|0x3));
+                  CsrReleaseObjectByPointer(pProcessData->HandleTable[c]);
                }
            }
          RtlFreeHeap(CsrssApiHeap, 0, pProcessData->HandleTable);
@ -430,6 +430,7 @@ CSR_API(CsrDuplicateHandle)
      Request->Status = CsrInsertObject(ProcessData,
                                      &Request->Data.DuplicateHandleRequest.Handle,
                                      Object);
+      CsrReleaseObjectByPointer(Object);
    }
  return Request->Status;
 }
--- a/reactos/subsystems/win32/csrss/include/csrplugin.h
+++ b/reactos/subsystems/win32/csrss/include/csrplugin.h
@ -28,6 +28,7 @@ typedef NTSTATUS (STDCALL *CSRSS_INSERT_OBJECT_PROC)(PCSRSS_PROCESS_DATA Process
 typedef NTSTATUS (STDCALL *CSRSS_GET_OBJECT_PROC)(PCSRSS_PROCESS_DATA ProcessData,
                                                  HANDLE Handle,
                                                  Object_t **Object);
+typedef NTSTATUS (STDCALL *CSRSS_RELEASE_OBJECT_BY_POINTER_PROC)(Object_t *Object);
 typedef NTSTATUS (STDCALL *CSRSS_RELEASE_OBJECT_PROC)(PCSRSS_PROCESS_DATA ProcessData,
                                                      HANDLE Object );
 typedef NTSTATUS (STDCALL *CSRSS_ENUM_PROCESSES_PROC)(CSRSS_ENUM_PROCESS_PROC EnumProc,
@ -37,6 +38,7 @@ typedef struct tagCSRSS_EXPORTED_FUNCS
 {
  CSRSS_INSERT_OBJECT_PROC CsrInsertObjectProc;
  CSRSS_GET_OBJECT_PROC CsrGetObjectProc;
+  CSRSS_RELEASE_OBJECT_BY_POINTER_PROC CsrReleaseObjectByPointerProc;
  CSRSS_RELEASE_OBJECT_PROC CsrReleaseObjectProc;
  CSRSS_ENUM_PROCESSES_PROC CsrEnumProcessesProc;
 } CSRSS_EXPORTED_FUNCS, *PCSRSS_EXPORTED_FUNCS;
--- a/reactos/subsystems/win32/csrss/include/win32csr.h
+++ b/reactos/subsystems/win32/csrss/include/win32csr.h
@ -28,6 +28,7 @@ VOID FASTCALL Win32CsrUnlockObject(Object_t *Object);
 NTSTATUS FASTCALL Win32CsrGetObject(PCSRSS_PROCESS_DATA ProcessData,
                                    HANDLE Handle,
                                    Object_t **Object);
+NTSTATUS FASTCALL Win32CsrReleaseObjectByPointer(Object_t *Object);
 NTSTATUS FASTCALL Win32CsrReleaseObject(PCSRSS_PROCESS_DATA ProcessData,
                                        HANDLE Object);
 NTSTATUS FASTCALL Win32CsrEnumProcesses(CSRSS_ENUM_PROCESS_PROC EnumProc,
--- a/reactos/subsystems/win32/csrss/init.c
+++ b/reactos/subsystems/win32/csrss/init.c
@ -252,6 +252,7 @@ CsrpInitWin32Csr (int argc, char ** argv, char ** envp)
    }
  Exports.CsrInsertObjectProc = CsrInsertObject;
  Exports.CsrGetObjectProc = CsrGetObject;
+  Exports.CsrReleaseObjectByPointerProc = CsrReleaseObjectByPointer;
  Exports.CsrReleaseObjectProc = CsrReleaseObject;
  Exports.CsrEnumProcessesProc = CsrEnumProcesses;
  if (! (*InitProc)(&ApiDefinitions, &ObjectDefinitions, &InitCompleteProc,
--- a/reactos/subsystems/win32/csrss/win32csr/conio.c
+++ b/reactos/subsystems/win32/csrss/win32csr/conio.c
@ -47,6 +47,7 @@ ConioConsoleFromProcessData(PCSRSS_PROCESS_DATA ProcessData, PCSRSS_CONSOLE *Con
      return STATUS_INVALID_HANDLE;
    }

+  InterlockedIncrement(&ProcessConsole->Header.ReferenceCount);
  EnterCriticalSection(&(ProcessConsole->Header.Lock));
  *Console = ProcessConsole;

@ -1948,12 +1949,12 @@ CSR_API(CsrSetConsoleMode)
    }
  else
    {
-      return Request->Status = STATUS_INVALID_HANDLE;
+      Status = STATUS_INVALID_HANDLE;
    }

-  Request->Status = STATUS_SUCCESS;
+  Win32CsrReleaseObjectByPointer((Object_t *)Console);

-  return Request->Status;
+  return Request->Status = Status;
 }

 CSR_API(CsrGetConsoleMode)
@ -1987,6 +1988,7 @@ CSR_API(CsrGetConsoleMode)
      Request->Status = STATUS_INVALID_HANDLE;
    }

+  Win32CsrReleaseObjectByPointer((Object_t *)Console);
  return Request->Status;
 }

--- a/reactos/subsystems/win32/csrss/win32csr/dllmain.c
+++ b/reactos/subsystems/win32/csrss/win32csr/dllmain.c
@ -125,6 +125,7 @@ Win32CsrLockObject(PCSRSS_PROCESS_DATA ProcessData,

  if ((*Object)->Type != Type)
    {
+      (CsrExports.CsrReleaseObjectByPointerProc)(*Object);
      return STATUS_INVALID_HANDLE;
    }

@ -137,6 +138,13 @@ VOID FASTCALL
 Win32CsrUnlockObject(Object_t *Object)
 {
  LeaveCriticalSection(&(Object->Lock));
+  (CsrExports.CsrReleaseObjectByPointerProc)(Object);
+}
+
+NTSTATUS FASTCALL
+Win32CsrReleaseObjectByPointer(Object_t *Object)
+{
+  return (CsrExports.CsrReleaseObjectByPointerProc)(Object);
 }

 NTSTATUS FASTCALL