[ros-dev] win32k message queue problem

Hartmut Birr hartmut.birr at gmx.de
Sun Jul 24 23:12:26 CEST 2005


Hi,  

it seems there exists a problem with the message queues. If a process is
terminated (killed) from outside, the thread message queue is deleted
before the last window is deleted. If there is a message (key or mouse)
for this window, the window does access the already freed message queue.
This will crash the system. Possibly it is related to the paged pool
memory corruption bug. I've a (dirty) fix for this problem.

- Hartmut


-------------- next part --------------
Index: subsys/win32k/ntuser/window.c
===================================================================
--- subsys/win32k/ntuser/window.c	(Revision 16707)
+++ subsys/win32k/ntuser/window.c	(Arbeitskopie)
@@ -1577,6 +1577,7 @@
       IntSetMenu(WindowObject, hMenu, &MenuChanged);
     }
   WindowObject->MessageQueue = PsGetWin32Thread()->MessageQueue;
+  IntReferenceMessageQueue(WindowObject->MessageQueue);
   WindowObject->Parent = (ParentWindow ? ParentWindow->Self : NULL);
   if((OwnerWindow = IntGetWindowObject(OwnerWindowHandle)))
   {
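Review bot: The reference taken right after the WindowObject->MessageQueue assignment has no visible counterpart on the error paths of this creation routine. If any later failure frees the window object without going through the destroy path that calls IntDereferenceMessageQueue, the queue is never released. Please check each exit after this line and drop the reference there, and add a short comment stating that the window now owns one reference to the queue for its whole lifetime, so that any other code that reassigns WindowObject->MessageQueue knows to move the reference along with the pointer.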
@@ -2180,7 +2181,7 @@
   if (Window->MessageQueue->CaptureWindow == Window->Self)
     Window->MessageQueue->CaptureWindow = NULL;
   IntUnLockMessageQueue(Window->MessageQueue);
-
+  IntDereferenceMessageQueue(Window->MessageQueue);
   /* Call hooks */
 #if 0 /* FIXME */
   if (HOOK_CallHooks(WH_CBT, HCBT_DESTROYWND, (WPARAM) hwnd, 0, TRUE))
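Review bot: After IntDereferenceMessageQueue(Window->MessageQueue) the pointer in Window->MessageQueue is left in place while the function continues (hooks and the rest of the destroy path follow). If this was the last reference, any later access through Window->MessageQueue hits the same freed queue this patch is meant to protect. Consider moving the dereference to the point where the window object itself is finally released, or setting Window->MessageQueue to NULL right after the call so that a stale access fails visibly. As a style point, the new line replaces the blank line that separated the locked section from the "Call hooks" block; keeping the blank line would preserve readability.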

