wine/wine-staging
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-staging.git synced 2025-09-12 18:50:20 -07:00
Code Issues Packages Projects Releases Wiki Activity

Added patch to avoid sending unexpected wakeup with uninitialized cookie value.

Browse Source
This commit is contained in:
Sebastian Lackner
2014-11-25 20:20:55 +01:00
parent c2bceff255
commit e4caae5b65
3 changed files with 81 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
patches/server-Unexpected_Wakeup/0001-server-Avoid-sending-unexpected-wakeup-with-uninitia.patch Normal file
View File

@@ -0,0 +1,67 @@
From 9df06c6e4b4cf258b7f321dfd5e20467bef2b36f Mon Sep 17 00:00:00 2001
From: Sebastian Lackner <sebastian@fds-team.de>
Date: Sat, 22 Nov 2014 17:42:22 +0100
Subject: server: Avoid sending unexpected wakeup with uninitialized cookie
value.
While executing the kernel32/sync tests I noticed a couple of unexpected wakeup cookies, which looked like uninitialized wineserver memory.
Here an excerpt from the log (added additional debug values):
---
server/thread.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/server/thread.c b/server/thread.c
index ba3f1d5..bdd9ef7 100644
--- a/server/thread.c
+++ b/server/thread.c
@@ -601,6 +601,7 @@ static int wait_on( const select_op_t *select_op, unsigned int count, struct obj
wait->count = count;
wait->flags = flags;
wait->select = select_op->op;
+ wait->cookie = 0;
wait->user = NULL;
wait->timeout = timeout;
wait->abandoned = 0;
@@ -719,7 +720,7 @@ int wake_thread( struct thread *thread )
cookie = thread->wait->cookie;
if (debug_level) fprintf( stderr, "%04x: *wakeup* signaled=%d\n", thread->id, signaled );
end_wait( thread );
- if (send_thread_wakeup( thread, cookie, signaled ) == -1) /* error */
+ if (cookie && send_thread_wakeup( thread, cookie, signaled ) == -1) /* error */
{
if (!count) count = -1;
break;
@@ -749,7 +750,7 @@ int wake_thread_queue_entry( struct wait_queue_entry *entry )
if (debug_level) fprintf( stderr, "%04x: *wakeup* signaled=%d\n", thread->id, signaled );
end_wait( thread );
- if (send_thread_wakeup( thread, cookie, signaled ) != -1)
+ if (!cookie || send_thread_wakeup( thread, cookie, signaled ) != -1)
wake_thread( thread ); /* check other waits too */
return 1;
@@ -768,6 +769,8 @@ static void thread_timeout( void *ptr )
if (debug_level) fprintf( stderr, "%04x: *wakeup* signaled=TIMEOUT\n", thread->id );
end_wait( thread );
+
+ assert( cookie );
if (send_thread_wakeup( thread, cookie, STATUS_TIMEOUT ) == -1) return;
/* check if other objects have become signaled in the meantime */
wake_thread( thread );
@@ -1429,6 +1432,12 @@ DECL_HANDLER(select)
set_error( STATUS_INVALID_PARAMETER );
return;
}
+ if (!req->cookie)
+ {
+ set_error( STATUS_INVALID_PARAMETER );
+ return;
+ }
+
op_size = min( get_req_data_size() - sizeof(*result), sizeof(select_op) );
memset( &select_op, 0, sizeof(select_op) );
memcpy( &select_op, result + 1, op_size );
--
2.1.3