[ros-diffs] [fireball] 42297: - Usermode GDI handles are per-process, not global! Fix this assumption when mapping usermode handles to global kernelmode handles. Fixes a lot of weird crashes happening due to wrong surface objects usage.
fireball at svn.reactos.org
fireball at svn.reactos.org
Thu Jul 30 10:59:03 CEST 2009
Author: fireball
Date: Thu Jul 30 10:59:02 2009
New Revision: 42297
URL: http://svn.reactos.org/svn/reactos?rev=42297&view=rev
Log:
- Usermode GDI handles are per-process, not global! Fix this assumption when mapping usermode handles to global kernelmode handles. Fixes a lot of weird crashes happening due to wrong surface objects usage.
Modified:
branches/arwinss/reactos/subsystems/win32/win32k/gre/gdiobj.c
Modified: branches/arwinss/reactos/subsystems/win32/win32k/gre/gdiobj.c
URL: http://svn.reactos.org/svn/reactos/branches/arwinss/reactos/subsystems/win32/win32k/gre/gdiobj.c?rev=42297&r1=42296&r2=42297&view=diff
==============================================================================
--- branches/arwinss/reactos/subsystems/win32/win32k/gre/gdiobj.c [iso-8859-1] (original)
+++ branches/arwinss/reactos/subsystems/win32/win32k/gre/gdiobj.c [iso-8859-1] Thu Jul 30 10:59:02 2009
@@ -209,6 +209,7 @@
{
HGDIOBJ hUser;
HGDIOBJ hKernel;
+ HANDLE hProcessId;
LIST_ENTRY Entry;
} HMAPPING, *PHMAPPING;
@@ -223,12 +224,19 @@
VOID NTAPI
GDI_AddHandleMapping(HGDIOBJ hKernel, HGDIOBJ hUser)
{
+ HGDIOBJ hExisting;
PHMAPPING pMapping = ExAllocatePool(NonPagedPool, sizeof(HMAPPING));
if (!pMapping) return;
/* Set mapping */
pMapping->hUser = hUser;
pMapping->hKernel = hKernel;
+ pMapping->hProcessId = PsGetCurrentProcessId();
+
+ /* Debug check: see if we already have this mapping */
+ hExisting = GDI_MapUserHandle(hUser);
+ if (hExisting)
+ DPRINT1("Trying to map already existing mapping %x -> %x to %x!\n", hUser, hExisting, hKernel);
/* Add it to the list */
ExInterlockedInsertHeadList(&HandleMapping, &pMapping->Entry, &HandleMappingLock);
@@ -241,6 +249,7 @@
PLIST_ENTRY Current;
PHMAPPING Mapping;
HGDIOBJ Found = 0;
+ HANDLE hProcessId = PsGetCurrentProcessId();
/* Acquire the lock and check if the list is empty */
KeAcquireSpinLock(&HandleMappingLock, &OldIrql);
@@ -252,7 +261,7 @@
Mapping = CONTAINING_RECORD(Current, HMAPPING, Entry);
/* Check if it's our entry */
- if (Mapping->hUser == hUser)
+ if (Mapping->hUser == hUser && Mapping->hProcessId == hProcessId)
{
/* Found it, save it and break out of the loop */
Found = Mapping->hKernel;
@@ -274,6 +283,7 @@
KIRQL OldIrql;
PLIST_ENTRY Current;
PHMAPPING Mapping;
+ HANDLE hProcessId = PsGetCurrentProcessId();
/* Acquire the lock and check if the list is empty */
KeAcquireSpinLock(&HandleMappingLock, &OldIrql);
@@ -285,7 +295,7 @@
Mapping = CONTAINING_RECORD(Current, HMAPPING, Entry);
/* Check if it's our entry */
- if (Mapping->hUser == hUser)
+ if (Mapping->hUser == hUser && Mapping->hProcessId == hProcessId)
{
/* Remove and free it */
RemoveEntryList(Current);
More information about the Ros-diffs
mailing list