[PATCH v2] user32/menu: Inside HiliteMenuItem free menu earlier to avoid crash
Fabian Maurer
dark.shadow4 at web.de
Fri Jul 20 09:29:43 CDT 2018
MENU_SelectItem sends a message,
and we must not hold the lock when that happens
Fixes bug 45457.
v2: Don't access menu after releasing it
Signed-off-by: Fabian Maurer <dark.shadow4 at web.de>
---
dlls/user32/menu.c | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/dlls/user32/menu.c b/dlls/user32/menu.c
index bae45002b7..3b1e3f25f4 100644
--- a/dlls/user32/menu.c
+++ b/dlls/user32/menu.c
@@ -3859,17 +3859,23 @@ BOOL WINAPI HiliteMenuItem( HWND hWnd, HMENU hMenu, UINT wItemID,
{
POPUPMENU *menu;
UINT pos;
+ HMENU handle_menu;
+ UINT focused_item;
TRACE("(%p, %p, %04x, %04x);\n", hWnd, hMenu, wItemID, wHilite);
if (!(menu = find_menu_item(hMenu, wItemID, wHilite, &pos))) return FALSE;
- if (menu->FocusedItem != pos)
+ handle_menu = menu->obj.handle;
+ focused_item = menu->FocusedItem;
+ release_menu_ptr(menu);
+
+ if (focused_item != pos)
{
- MENU_HideSubPopups( hWnd, menu->obj.handle, FALSE, 0 );
- MENU_SelectItem( hWnd, menu->obj.handle, pos, TRUE, 0 );
+ MENU_HideSubPopups( hWnd, handle_menu, FALSE, 0 );
+ MENU_SelectItem( hWnd, handle_menu, pos, TRUE, 0 );
}
- release_menu_ptr(menu);
+
return TRUE;
}
--
2.18.0
More information about the wine-devel
mailing list