Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-24 17:34:57 +00:00
Code Issues Projects Releases Packages Wiki Activity

[NtUser]

Browse source 
- Fix Process Explorer crash in Win32k. See CORE-8779 and CORE-7447.

svn path=/trunk/; revision=65431
This commit is contained in:
James Tabor 2014-11-19 05:35:33 +00:00
parent a60eca74a7
commit d7df3046e0
1 changed files with 18 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
reactos/win32ss/user/ntuser/message.c
View file

@ -213,7 +213,10 @@ MsgMemorySize(PMSGMEMORY MsgMemoryEntry, WPARAM wParam, LPARAM lParam)
break;
case WM_COPYDATA:
Size = sizeof(COPYDATASTRUCT) + ((PCOPYDATASTRUCT)lParam)->cbData;
{
COPYDATASTRUCT *cds = (COPYDATASTRUCT *)lParam;
Size = sizeof(COPYDATASTRUCT) + cds->cbData;
}
break;
default:
@ -472,6 +475,9 @@ CopyMsgToUserMem(MSG *UserModeMsg, MSG *KernelModeMsg)
NTSTATUS Status;
PMSGMEMORY MsgMemoryEntry;
UINT Size;
PTHREADINFO pti;
pti = PsGetCurrentThreadWin32Thread();
/* See if this message type is present in the table */
MsgMemoryEntry = FindMsgMemory(UserModeMsg->message);
@ -486,6 +492,7 @@ CopyMsgToUserMem(MSG *UserModeMsg, MSG *KernelModeMsg)
if (0 != Size)
{
PWND pWnd = ValidateHwndNoErr(KernelModeMsg->hwnd);
/* Copy data if required */
if (0 != (MsgMemoryEntry->Flags & MMS_FLAG_WRITE))
{
@ -497,7 +504,12 @@ CopyMsgToUserMem(MSG *UserModeMsg, MSG *KernelModeMsg)
return Status;
}
}
if (pWnd && KernelModeMsg->message == WM_COPYDATA)
{
// Only the current process or thread can free the message lParam pointer.
if (pWnd->head.pti->MessageQueue != pti->MessageQueue)
return STATUS_SUCCESS;
}
ExFreePool((PVOID) KernelModeMsg->lParam);
}
@ -1415,6 +1427,10 @@ co_IntSendMessageTimeoutSingle( HWND hWnd,
CLEANUP:
if (Window) UserDerefObjectCo(Window);
if ( !ptiSendTo && Msg == WM_COPYDATA )
{
ExFreePool((PVOID) lParam);
}
END_CLEANUP;
}