[ros-diffs] [ion] 20788: - Fix probably one of the most devastating hidden ROS bugs currently in trunk. KWAIT_BLOCK's WaitType was defined as USHORT instead of UCHAR, causing a KeWaitForMultipleObjects of 2 or more objects to overwrite the Thread's PreviousMode (an effect of this is that 99% of user-mode callbacks from win32k were being done with the mode set to Kernel-Mode instead of UserMode). A KeWaitForMultipleObjects of 3 or more objects, or the timer object itself in some cases would cause this conflict to occur with the ResourceIndex member, potentially corrupting the ERESOURCE owner table in my updated implementation.

ion at svn.reactos.org
Wed Jan 11 21:16:45 CET 2006


- Fix probably one of the most devastating hidden ROS bugs currently in
trunk. KWAIT_BLOCK's WaitType was defined as USHORT instead of UCHAR,
causing a KeWaitForMultipleObjects of 2 or more objects to overwrite the
Thread's PreviousMode (an effect of this is that 99% of user-mode
callbacks from win32k were being done with the mode set to Kernel-Mode
instead of UserMode). A KeWaitForMultipleObjects of 3 or more objects,
or the timer object itself in some cases would cause this conflict to
occur with the ResourceIndex member, potentially corrupting the
ERESOURCE owner table in my updated implementation.
Modified: trunk/reactos/w32api/include/ddk/winddk.h

Modified: trunk/reactos/w32api/include/ddk/winddk.h
--- trunk/reactos/w32api/include/ddk/winddk.h	2006-01-11 20:01:03 UTC
(rev 20787)
+++ trunk/reactos/w32api/include/ddk/winddk.h	2006-01-11 20:16:29 UTC
(rev 20788)
@@ -4118,7 +4118,8 @@

   PVOID  Object;
   struct _KWAIT_BLOCK * RESTRICTED_POINTER  NextWaitBlock;
   USHORT  WaitKey;
-  USHORT  WaitType;
+  UCHAR WaitType;
+  UCHAR SpareByte;
 } KWAIT_BLOCK, *PKWAIT_BLOCK, *RESTRICTED_POINTER PRKWAIT_BLOCK;
 
 typedef struct _IO_REMOVE_LOCK_TRACKING_BLOCK *
PIO_REMOVE_LOCK_TRACKING_BLOCK;
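Review bot: the `UCHAR WaitType; UCHAR SpareByte;` split keeps the size of `KWAIT_BLOCK` unchanged while narrowing the store, but nothing in the hunk records why the second byte exists, so a later cleanup could fold it back into a two-byte field and recreate the PreviousMode/ResourceIndex overwrite the commit message describes. Suggest a comment on `SpareByte` stating that it is layout padding matching the NT structure and must stay, and a compile-time size check on `KWAIT_BLOCK` next to the typedef so the structure size cannot drift silently.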
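The commit message describes a field-width mismatch: a `USHORT` store into a slot the rest of the kernel treats as one byte silently clobbers whatever byte follows. The program below is an added illustration of that failure mode, not ReactOS or NT code; the `GOOD_TAIL`/`BAD_TAIL` structures and the placement of a `PreviousMode` byte directly after `WaitType` are constructed for the example and are not the real `KTHREAD` or `KWAIT_BLOCK` layout. It shows the wide store turning a `UserMode` byte into `KernelMode`, the narrow store leaving it alone, and a layout check of the kind a header could carry to catch the divergence.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned short USHORT;
typedef unsigned char  UCHAR;

enum { KernelMode = 0, UserMode = 1 };  /* NT KPROCESSOR_MODE values */
enum { WaitAll = 0, WaitAny = 1 };      /* NT WAIT_TYPE values */

/* Layout the rest of the code agrees on: WaitType is one byte, and the byte
 * after it belongs to something else. PreviousMode here is a hypothetical
 * neighbour standing in for the thread's mode byte (constructed layout). */
typedef struct _GOOD_TAIL {
    USHORT WaitKey;
    UCHAR  WaitType;
    UCHAR  PreviousMode;
} GOOD_TAIL;

/* Mismatched declaration: WaitType widened to two bytes, so it overlays the
 * neighbour. sizeof() is identical, so the compiler never complains. */
typedef struct _BAD_TAIL {
    USHORT WaitKey;
    USHORT WaitType;
} BAD_TAIL;

/* Union so both views alias the same bytes without strict-aliasing issues. */
typedef union _TAIL_VIEW {
    GOOD_TAIL good;
    BAD_TAIL  bad;
} TAIL_VIEW;

/* Set PreviousMode to UserMode, then write WaitType through the mismatched
 * two-byte definition. Returns the PreviousMode byte afterwards. */
int mode_after_wide_store(int wait_type)
{
    TAIL_VIEW v;
    memset(&v, 0, sizeof v);
    v.good.PreviousMode = UserMode;
    v.bad.WaitType = (USHORT)wait_type;   /* 16-bit store spills into neighbour */
    return v.good.PreviousMode;
}

/* Same sequence through the correct one-byte definition. */
int mode_after_narrow_store(int wait_type)
{
    TAIL_VIEW v;
    memset(&v, 0, sizeof v);
    v.good.PreviousMode = UserMode;
    v.good.WaitType = (UCHAR)wait_type;   /* 8-bit store, neighbour untouched */
    return v.good.PreviousMode;
}

/* Layout check: both definitions must put WaitType at the same offset with
 * the same width. Returns 1 when they agree, 0 when they diverge. */
int layouts_agree(void)
{
    return sizeof(((GOOD_TAIL *)0)->WaitType) == sizeof(((BAD_TAIL *)0)->WaitType)
        && offsetof(GOOD_TAIL, WaitType) == offsetof(BAD_TAIL, WaitType);
}

int main(void)
{
    printf("WaitAll via USHORT: PreviousMode = %d (UserMode is %d)\n",
           mode_after_wide_store(WaitAll), UserMode);
    printf("WaitAll via UCHAR : PreviousMode = %d\n",
           mode_after_narrow_store(WaitAll));
    printf("layouts agree: %d\n", layouts_agree());
    return 0;
}
```

Writing `WaitAll` (zero) through the wide field clears the neighbouring byte on any endianness, which is the same shape as the commit's observation that callbacks ran with the mode reading as kernel rather than user. The `layouts_agree()` check is the sort of thing that belongs next to a shared structure definition, where it fails at build time instead of at the first multi-object wait.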