https://git.reactos.org/?p=reactos.git;a=commitdiff;h=e3a706627984622c381ba8239d4fafe8e41b9ba5

commit e3a706627984622c381ba8239d4fafe8e41b9ba5
Author:     Hermès Bélusca-Maïto <[email protected]>
AuthorDate: Wed Apr 15 14:07:25 2020 +0200
Commit:     Hermès Bélusca-Maïto <[email protected]>
CommitDate: Wed Apr 15 14:14:06 2020 +0200

    [CSRSRV] CsrCaptureArguments(): Tell the compiler the contents 
ClientCaptureBuffer points to has a volatile character.
    
    See 
https://docs.microsoft.com/fr-fr/archive/blogs/itgoestoeleven/why-your-user-mode-pointer-captures-are-probably-broken
    for more details.
    
    Since the contents of ClientCaptureBuffer are in shared memory, the
    client could modify them while they are being probed and captured, and so we
    have to avoid any potential compiler optimizations regarding the
    captured "Length = ClientCaptureBuffer->Size" and
    "PointerCount = ClientCaptureBuffer->PointerCount" values.
---
 subsystems/win32/csrsrv/api.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/subsystems/win32/csrsrv/api.c b/subsystems/win32/csrsrv/api.c
index 8561ee13943..9120794b16e 100644
--- a/subsystems/win32/csrsrv/api.c
+++ b/subsystems/win32/csrsrv/api.c
@@ -848,7 +848,6 @@ CsrApiRequestThread(IN PVOID Parameter)
                 /* Reply back to the API port now */
                 ReplyMsg = NULL;
                 ReplyPort = CsrApiPort;
-
                 CsrDereferenceThread(CsrThread);
             }
             else if (ReplyCode == CsrReplyPending)
@@ -1121,7 +1120,8 @@ CsrCaptureArguments(IN PCSR_THREAD CsrThread,
                     IN PCSR_API_MESSAGE ApiMessage)
 {
     PCSR_PROCESS CsrProcess = CsrThread->Process;
-    PCSR_CAPTURE_BUFFER ClientCaptureBuffer, ServerCaptureBuffer = NULL;
+    volatile CSR_CAPTURE_BUFFER* ClientCaptureBuffer;
+    PCSR_CAPTURE_BUFFER ServerCaptureBuffer = NULL;
     ULONG_PTR EndOfClientBuffer;
     SIZE_T SizeOfBufferThroughOffsetsArray;
     SIZE_T BufferDistance;
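Review bot: The new `volatile CSR_CAPTURE_BUFFER* ClientCaptureBuffer;` declaration carries a security invariant but has no comment, so a later cleanup could fold it back into the `PCSR_CAPTURE_BUFFER` line; note that `volatile PCSR_CAPTURE_BUFFER` would qualify the pointer rather than the shared data. I would add above it `/* Points into client-writable shared memory: read each field once into a local, validate the local, never re-read the field */`. The qualifier only stops the compiler from re-fetching a field; it does not stop the code from reading the same field twice. The body of CsrCaptureArguments continues outside this hunk, so it is worth confirming that every later bounds check uses the captured `Length` and `PointerCount`, and that the header copied into `ServerCaptureBuffer` is compared against those captured values after the copy, since the client may have changed it in between.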
