[ros-bugs] [Bug 899] New: Problem cleaning up window classes
ReactOS.Bugzilla at reactos.org
ReactOS.Bugzilla at reactos.org
Wed Oct 12 16:00:10 CEST 2005
http://www.reactos.org/bugzilla/show_bug.cgi?id=899
Summary: Problem cleaning up window classes
Product: ReactOS
Version: TRUNK
Platform: x86 Hardware
OS/Version: ReactOS
Status: NEW
Severity: normal
Priority: P3
Component: Win32
AssignedTo: ros-bugs at reactos.com
ReportedBy: gvg at reactos.org
QAContact: ros-bugs at reactos.com
CC: w3seek at reactos.com
Suppose we have a program with two threads, let's call them the N(ative) thread
and the W(in32) thread. Thread N doesn't make any win32 calls and so doesn't
have a W32THREAD structure allocated to it. Thread W registers some window classes.
Now assume the process terminates and thread W is cleaned up first, then thread
N. Since thread N is the last thread, it will be the active thread when
Win32kProcessCallback() is called to do process cleanup in win32k. One of the
tasks executed during process cleanup is DestroyProcessClasses(), which will
call DestroyClass() on each class registered by thread W but not deregistered
yet. DestroyClass needs to find the window station and uses
PsGetWin32Thread()->Desktop->WindowStation to do that. However, the active
thread at this point is thread N, which doesn't have a W32THREAD structure and
we end up dereferencing a NULL pointer.
The root cause of this problem that we can only get at the window station of the
process via a win32 thread. This was done to be able to attach csrss to multiple
window stations.
--
Configure bugmail: http://www.reactos.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the QA contact for the bug, or are watching the QA contact.
More information about the Ros-bugs
mailing list