Alexandre Julliard : ntdll: Add a magic number to validate timer queue pointers.

Alexandre Julliard julliard at winehq.org
Tue Aug 20 14:38:38 CDT 2013 

Module: wine
Branch: master
Commit: 2810c5647f70bfaca2f76f3f72553fb2bbaae879
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=2810c5647f70bfaca2f76f3f72553fb2bbaae879

Author: Alexandre Julliard <julliard at winehq.org>
Date:   Tue Aug 20 20:13:58 2013 +0200

ntdll: Add a magic number to validate timer queue pointers.

---

 dlls/ntdll/threadpool.c |   11 ++++++++---
 1 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/dlls/ntdll/threadpool.c b/dlls/ntdll/threadpool.c
index e33a025..4edd069 100644
--- a/dlls/ntdll/threadpool.c
+++ b/dlls/ntdll/threadpool.c
@@ -553,6 +553,7 @@ struct queue_timer
 
 struct timer_queue
 {
+    DWORD magic;
     RTL_CRITICAL_SECTION cs;
     struct list timers;          /* sorted by expiration time */
     BOOL quit;         /* queue should be deleted; once set, never unset */
@@ -561,6 +562,7 @@ struct timer_queue
 };
 
 #define EXPIRE_NEVER (~(ULONGLONG) 0)
+#define TIMER_QUEUE_MAGIC 0x516d6954  /* TimQ */
 
 static void queue_remove_timer(struct queue_timer *t)
 {
@@ -748,6 +750,7 @@ static void WINAPI timer_queue_thread_proc(LPVOID p)
 
     NtClose(q->event);
     RtlDeleteCriticalSection(&q->cs);
+    q->magic = 0;
     RtlFreeHeap(GetProcessHeap(), 0, q);
 }
 
@@ -788,6 +791,7 @@ NTSTATUS WINAPI RtlCreateTimerQueue(PHANDLE NewTimerQueue)
     RtlInitializeCriticalSection(&q->cs);
     list_init(&q->timers);
     q->quit = FALSE;
+    q->magic = TIMER_QUEUE_MAGIC;
     status = NtCreateEvent(&q->event, EVENT_ALL_ACCESS, NULL, SynchronizationEvent, FALSE);
     if (status != STATUS_SUCCESS)
     {
@@ -830,7 +834,7 @@ NTSTATUS WINAPI RtlDeleteTimerQueueEx(HANDLE TimerQueue, HANDLE CompletionEvent)
     HANDLE thread;
     NTSTATUS status;
 
-    if (!q)
+    if (!q || q->magic != TIMER_QUEUE_MAGIC)
         return STATUS_INVALID_HANDLE;
 
     thread = q->thread;
@@ -925,8 +929,9 @@ NTSTATUS WINAPI RtlCreateTimer(PHANDLE NewTimer, HANDLE TimerQueue,
     NTSTATUS status;
     struct queue_timer *t;
     struct timer_queue *q = get_timer_queue(TimerQueue);
-    if (!q)
-        return STATUS_NO_MEMORY;
+
+    if (!q) return STATUS_NO_MEMORY;
+    if (q->magic != TIMER_QUEUE_MAGIC) return STATUS_INVALID_HANDLE;
 
     t = RtlAllocateHeap(GetProcessHeap(), 0, sizeof *t);
     if (!t)

More information about the wine-cvs mailing list