Alexandre Julliard : ntdll:
Avoid accessing the TEB after the memory view has been released.
Alexandre Julliard
julliard at wine.codeweavers.com
Tue Jul 25 05:09:48 CDT 2006
Module: wine
Branch: refs/heads/master
Commit: b91a6298a73526215b8de1cb2b1f28b7d7e7681b
URL: http://source.winehq.org/git/?p=wine.git;a=commit;h=b91a6298a73526215b8de1cb2b1f28b7d7e7681b
Author: Alexandre Julliard <julliard at winehq.org>
Date: Tue Jul 25 12:03:56 2006 +0200
ntdll: Avoid accessing the TEB after the memory view has been released.
When using reserved areas the memory could potentially be reused right
after the release.
---
dlls/ntdll/server.c | 14 ++++++++++----
1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/dlls/ntdll/server.c b/dlls/ntdll/server.c
index a64bdb6..d6d18e0 100644
--- a/dlls/ntdll/server.c
+++ b/dlls/ntdll/server.c
@@ -141,6 +141,7 @@ void server_exit_thread( int status )
{
struct wine_pthread_thread_info info;
SIZE_T size;
+ int fds[4];
RtlAcquirePebLock();
RemoveEntryList( &NtCurrentTeb()->TlsLinks );
@@ -151,6 +152,11 @@ void server_exit_thread( int status )
info.teb_sel = wine_get_fs();
info.exit_status = status;
+ fds[0] = ntdll_get_thread_data()->wait_fd[0];
+ fds[1] = ntdll_get_thread_data()->wait_fd[1];
+ fds[2] = ntdll_get_thread_data()->reply_fd;
+ fds[3] = ntdll_get_thread_data()->request_fd;
+
size = 0;
NtFreeVirtualMemory( GetCurrentProcess(), &info.stack_base, &size, MEM_RELEASE | MEM_SYSTEM );
info.stack_size = size;
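Review bot: The four reads into `fds[]` have no comment saying why they must happen before the memory is released, so a later cleanup could fold them back into the `close()` calls and reintroduce the stale access. I would add a comment above `fds[0] = ...` such as `/* copy the fds out now; thread data must not be read once the views are released below */`. The indices 0-3 are also bare positions whose meaning is visible only by pairing these lines with the later `close()` calls, so a short note on the `fds` declaration would help. server_exit_thread starts and ends outside this hunk.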
@@ -160,10 +166,10 @@ void server_exit_thread( int status )
info.teb_size = size;
pthread_functions.sigprocmask( SIG_BLOCK, &block_set, NULL );
- close( ntdll_get_thread_data()->wait_fd[0] );
- close( ntdll_get_thread_data()->wait_fd[1] );
- close( ntdll_get_thread_data()->reply_fd );
- close( ntdll_get_thread_data()->request_fd );
+ close( fds[0] );
+ close( fds[1] );
+ close( fds[2] );
+ close( fds[3] );
pthread_functions.exit_thread( &info );
}
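Review bot: `pthread_functions.sigprocmask( SIG_BLOCK, &block_set, NULL )` still runs after `info.teb_size = size;`, which is presumably after the TEB release just above this hunk. That leaves a window in which a signal can be delivered while the TEB memory is already gone. If a handler reads thread data, it would hit the same reuse problem the commit message describes. This is inferred, since neither the handlers nor the release call are visible here. Consider moving the `sigprocmask` call ahead of the first `NtFreeVirtualMemory`, so signals are blocked before either view is released. The function starts outside this hunk.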