[PATCH] msctf: Clear the corresponding DocumentMgr pointers for Associated Focus Windows on destruction.
Gabriel Ivăncescu
gabrielopcode at gmail.com
Mon Jan 6 07:32:25 CST 2020
Fixes a regression introduced by d541087079a8770bb02bae830c56a6d3c0b6424e
due to an alternate code path being executed for Firefox and Pale Moon
browsers that made use of the Thread Manager, causing a crash.
AssociateFocus does not grab ownership of the Document Manager, but it does
return it in the "prev" output parameter with an increased refcount. So,
if the docmgr gets destroyed and AssociateFocus is called again, its "prev"
parameter will refer to freed memory. Windows sets it to NULL in such case.
Signed-off-by: Gabriel Ivăncescu <gabrielopcode at gmail.com>
---
dlls/msctf/tests/inputprocessor.c | 15 +++++++++++++--
dlls/msctf/threadmgr.c | 14 ++++++++++++--
2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/dlls/msctf/tests/inputprocessor.c b/dlls/msctf/tests/inputprocessor.c
index 38c591e..f8ec492 100644
--- a/dlls/msctf/tests/inputprocessor.c
+++ b/dlls/msctf/tests/inputprocessor.c
@@ -2287,6 +2287,7 @@ static void test_AssociateFocus(void)
ITfDocumentMgr *dm1, *dm2, *olddm, *dmcheck, *dmorig;
HWND wnd1, wnd2, wnd3;
HRESULT hr;
+ ULONG ref;
ITfThreadMgr_GetFocus(g_tm, &dmorig);
test_CurrentFocus = NULL;
@@ -2428,10 +2429,20 @@ static void test_AssociateFocus(void)
processPendingMessages();
SetFocus(wnd1);
processPendingMessages();
- test_OnSetFocus = SINK_UNEXPECTED;
+
+ hr = ITfThreadMgr_AssociateFocus(g_tm,wnd2,dm2,&olddm);
+ ok(SUCCEEDED(hr),"AssociateFocus failed\n");
+
+ /* Vista doesn't return NULL */
+ if (olddm) ITfDocumentMgr_Release(olddm);
+ ref = ITfDocumentMgr_Release(dm2);
+ ok(ref == 0, "incorrect DocumentMgr ref %d\n", ref);
+
+ hr = ITfThreadMgr_AssociateFocus(g_tm,wnd2,NULL,&olddm);
+ ok(SUCCEEDED(hr),"AssociateFocus failed\n");
+ ok(olddm == NULL, "incorrect old DocumentMgr returned\n");
ITfDocumentMgr_Release(dm1);
- ITfDocumentMgr_Release(dm2);
test_CurrentFocus = dmorig;
test_PrevFocus = FOCUS_IGNORE;
diff --git a/dlls/msctf/threadmgr.c b/dlls/msctf/threadmgr.c
index 2c208fb..77cf47c 100644
--- a/dlls/msctf/threadmgr.c
+++ b/dlls/msctf/threadmgr.c
@@ -1530,6 +1530,8 @@ void ThreadMgr_OnDocumentMgrDestruction(ITfThreadMgr *iface, ITfDocumentMgr *mgr
{
ThreadMgr *This = impl_from_ITfThreadMgrEx((ITfThreadMgrEx *)iface);
struct list *cursor;
+ BOOL found = FALSE;
+
LIST_FOR_EACH(cursor, &This->CreatedDocumentMgrs)
{
DocumentMgrEntry *mgrentry = LIST_ENTRY(cursor,DocumentMgrEntry,entry);
@@ -1537,8 +1539,16 @@ void ThreadMgr_OnDocumentMgrDestruction(ITfThreadMgr *iface, ITfDocumentMgr *mgr
{
list_remove(cursor);
HeapFree(GetProcessHeap(),0,mgrentry);
- return;
+ found = TRUE;
+ break;
}
}
- FIXME("ITfDocumentMgr %p not found in this thread\n",mgr);
+ if (!found) FIXME("ITfDocumentMgr %p not found in this thread\n",mgr);
+
+ LIST_FOR_EACH(cursor, &This->AssociatedFocusWindows)
+ {
+ AssociatedWindow *wnd = LIST_ENTRY(cursor,AssociatedWindow,entry);
+ if (wnd->docmgr == mgr)
+ wnd->docmgr = NULL;
+ }
}
--
2.21.0
More information about the wine-devel
mailing list