Rob Shearman : rpcrt4: Fix a case of destroying a context handle without first releasing the lock .

Alexandre Julliard julliard at winehq.org
Mon Dec 31 12:32:24 CST 2007 

Module: wine
Branch: master
Commit: f6a29a1e73a4ad4bba7eac7be3d37266548684a9
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f6a29a1e73a4ad4bba7eac7be3d37266548684a9

Author: Rob Shearman <rob at codeweavers.com>
Date:   Sun Dec 30 16:45:19 2007 +0000

rpcrt4: Fix a case of destroying a context handle without first releasing the lock.

Reverse the order of the release statements in NDRSContextMarshall2 for 
the case where the context handle doesn't have valid data so that the 
release that releases the lock comes first and then the optional second 
release doesn't need to release the lock.

---

 dlls/rpcrt4/ndr_contexthandle.c |   10 +++++++---
 1 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/rpcrt4/ndr_contexthandle.c b/dlls/rpcrt4/ndr_contexthandle.c
index 7b3c3fd..21d8747 100644
--- a/dlls/rpcrt4/ndr_contexthandle.c
+++ b/dlls/rpcrt4/ndr_contexthandle.c
@@ -259,21 +259,25 @@ void WINAPI NDRSContextMarshall2(RPC_BINDING_HANDLE hBinding,
             RpcRaiseException(status);
         ndr->attributes = 0;
         RpcContextHandle_GetUuid(SContext, &ndr->uuid);
+
+        RPCRT4_RemoveThreadContextHandle(SContext);
+        RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
     }
     else
     {
         if (!RpcContextHandle_IsGuardCorrect(SContext, CtxGuard))
             RpcRaiseException(ERROR_INVALID_HANDLE);
         memset(ndr, 0, sizeof(*ndr));
+
+        RPCRT4_RemoveThreadContextHandle(SContext);
         /* Note: release the context handle twice in this case to release
          * one ref being kept around for the data and one ref for the
          * unmarshall/marshall sequence */
-        if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE))
+        if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE))
             return; /* this is to cope with the case of the data not being valid
                      * before and so not having a further reference */
+        RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE);
     }
-    RPCRT4_RemoveThreadContextHandle(SContext);
-    RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
 }
 
 /***********************************************************************

More information about the wine-cvs mailing list