[ros-diffs] [tkreuzer] 65745: [WIN32K] Make sure to respect GDI object lock order in (Nt)UserScrollDC

Fri, 19 Dec 2014 01:27:53 -0800 

Author: tkreuzer
Date: Fri Dec 19 09:26:50 2014
New Revision: 65745

URL: http://svn.reactos.org/svn/reactos?rev=65745&view=rev
Log:
[WIN32K]
Make sure to respect GDI object lock order in (Nt)UserScrollDC

Modified:
    trunk/reactos/win32ss/user/ntuser/painting.c

Modified: trunk/reactos/win32ss/user/ntuser/painting.c
URL: 
http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/painting.c?rev=65745&r1=65744&r2=65745&view=diff
==============================================================================
--- trunk/reactos/win32ss/user/ntuser/painting.c        [iso-8859-1] (original)
+++ trunk/reactos/win32ss/user/ntuser/painting.c        [iso-8859-1] Fri Dec 19 
09:26:50 2014
@@ -1490,6 +1490,7 @@
    INT dy,
    const RECTL *prcScroll,
    const RECTL *prcClip,
+   HRGN hrgnUpdate,
    PREGION RgnUpdate,
    RECTL *prcUpdate)
 {
@@ -1535,15 +1536,26 @@
 
    /* Calculate the region that was invalidated by moving or
       could not be copied, because it was not visible */
-   if (RgnUpdate || prcUpdate)
+   if (RgnUpdate || hrgnUpdate || prcUpdate)
    {
       PREGION RgnOwn, RgnTmp;
 
       pDC = DC_LockDc(hDC);
       if (!pDC)
       {
-         return FALSE;
-      }
+         return ERROR;
+      }
+
+       if (hrgnUpdate)
+       {
+           NT_ASSERT(RgnUpdate == NULL);
+           RgnUpdate = RGNOBJAPI_Lock(hrgnUpdate, NULL);
+           if (!RgnUpdate)
+           {
+               DC_UnlockDc(pDC);
+               return ERROR;
+           }
+       }
 
       /* Begin with the shifted and then clipped scroll rect */
       rcDst = rcScroll;
@@ -1578,7 +1590,11 @@
          REGION_GetRgnBox(RgnOwn, prcUpdate);
       }
 
-      if (!RgnUpdate)
+      if (hrgnUpdate)
+      {
+         RGNOBJAPI_Unlock(RgnUpdate);
+      }
+      else if (!RgnUpdate)
       {
          REGION_Delete(RgnOwn);
       }
@@ -1609,7 +1625,6 @@
    RECTL rcScroll, rcClip, rcUpdate;
    NTSTATUS Status = STATUS_SUCCESS;
    DWORD Result;
-   PREGION RgnUpdate = NULL;
 
    TRACE("Enter NtUserScrollDC\n");
    UserEnterExclusive();
@@ -1640,13 +1655,6 @@
    {
       SetLastNtError(Status);
       RETURN(FALSE);
-   }
-
-   if (hrgnUpdate)
-   {
-       RgnUpdate = RGNOBJAPI_Lock(hrgnUpdate, NULL);
-       if (!RgnUpdate)
-           RETURN(FALSE);
    }
 
    Result = UserScrollDC( hDC,
@@ -1654,7 +1662,8 @@
                           dy,
                           prcUnsafeScroll? &rcScroll : 0,
                           prcUnsafeClip? &rcClip : 0,
-                          RgnUpdate,
+                          hrgnUpdate,
+                          NULL,
                           prcUnsafeUpdate? &rcUpdate : NULL);
    if(Result == ERROR)
    {
@@ -1684,8 +1693,6 @@
    RETURN(TRUE);
 
 CLEANUP:
-   if (RgnUpdate)
-       RGNOBJAPI_Unlock(RgnUpdate);
    TRACE("Leave NtUserScrollDC, ret=%lu\n",_ret_);
    UserLeave();
    END_CLEANUP;
@@ -1824,6 +1831,7 @@
                           dy,
                           &rcScroll,
                           &rcClip,
+                          NULL,
                           RgnUpdate,
                           prcUnsafeUpdate? &rcUpdate : NULL);

Reply via email to