https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0b0e73d66edc9e6ebff7057d44d1789846016687

commit 0b0e73d66edc9e6ebff7057d44d1789846016687
Author:     Katayama Hirofumi MZ <[email protected]>
AuthorDate: Mon Apr 25 11:36:00 2022 +0900
Commit:     GitHub <[email protected]>
CommitDate: Mon Apr 25 11:36:00 2022 +0900

    [NTUSER] Add locking at IntSendFocusMessage (#4468)
    
    Fix access violation on IntFocusSetInputContext.
    - Add locking on pWndPrev.
    CORE-18163
---
 win32ss/user/ntuser/focus.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/win32ss/user/ntuser/focus.c b/win32ss/user/ntuser/focus.c
index 7ecb9c88f73..f40a2bf686b 100644
--- a/win32ss/user/ntuser/focus.c
+++ b/win32ss/user/ntuser/focus.c
@@ -617,6 +617,7 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
    PWND pWndPrev;
    PUSER_MESSAGE_QUEUE ThreadQueue = pti->MessageQueue; // Queue can change...
    HWND hwndPrev;
+   USER_REFERENCE_ENTRY Ref;
 
    ThreadQueue->QF_flags &= ~QF_FOCUSNULLSINCEACTIVE;
    if (!pWnd && ThreadQueue->spwndActive)
@@ -625,6 +626,8 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
    }
 
    pWndPrev = ThreadQueue->spwndFocus;
+   if (pWndPrev)
+      UserRefObjectCo(pWndPrev, &Ref);
 
    /* check if the specified window can be set in the input data of a given 
queue */
    if (!pWnd || ThreadQueue == pWnd->head.pti->MessageQueue)
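Review bot: The reference taken on `pWndPrev` right after it is read from `ThreadQueue->spwndFocus` carries no comment saying what it protects, and the commit message calls it locking although `UserRefObjectCo` takes a reference rather than a lock. I would add `/* Keep pWndPrev referenced: the focus messages sent below can call out and destroy the previous focus window */` above the new `if (pWndPrev)`. The sends themselves are outside this hunk, so that wording is inferred from the commit message and should be checked against the function body. A reference presumably keeps the object's memory from being freed but does not stop the window from being destroyed, so later uses of `pWndPrev` in this function should still tolerate a window that is already being torn down.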
@@ -667,6 +670,9 @@ IntSendFocusMessages( PTHREADINFO pti, PWND pWnd)
          }
       }
    }
+
+   if (pWndPrev)
+      UserDerefObjectCo(pWndPrev);
 }
 
 BOOL FASTCALL
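Review bot: The release at the end of `IntSendFocusMessages` re-tests `pWndPrev` and is reached only by falling off the end of the function, so it stays balanced with the earlier `UserRefObjectCo(pWndPrev, &Ref)` only if nothing in between reassigns `pWndPrev` or returns early. The body between the acquire and this hunk is outside the diff, so neither can be confirmed from here. Since `Ref` is a stack local whose address is handed to `UserRefObjectCo`, a skipped release would presumably leave that entry registered after the frame is gone, in addition to leaking the window reference. I would pin the invariant with a comment above the release, for example `/* Pairs with UserRefObjectCo above; pWndPrev must not be reassigned and no path may return before this point */`.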
