rpcrt4: Fix a case of destroying a context handle without first releasing the lock.

Reverse the order of the release statements in NDRSContextMarshall2 for the case where the context handle doesn't have valid data so that the release that releases the lock comes first and then the optional second release doesn't need to release the lock.
2007-12-30 16:45:19 +00:00 · 2007-12-30 16:45:19 +00:00 · f6a29a1e73
parent 51c051c0c4
commit f6a29a1e73
1 changed files with 7 additions and 3 deletions
--- a/dlls/rpcrt4/ndr_contexthandle.c
+++ b/dlls/rpcrt4/ndr_contexthandle.c
@ -259,21 +259,25 @@ void WINAPI NDRSContextMarshall2(RPC_BINDING_HANDLE hBinding,
            RpcRaiseException(status);
        ndr->attributes = 0;
        RpcContextHandle_GetUuid(SContext, &ndr->uuid);
+
+        RPCRT4_RemoveThreadContextHandle(SContext);
+        RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
    }
    else
    {
        if (!RpcContextHandle_IsGuardCorrect(SContext, CtxGuard))
            RpcRaiseException(ERROR_INVALID_HANDLE);
        memset(ndr, 0, sizeof(*ndr));
+
+        RPCRT4_RemoveThreadContextHandle(SContext);
        /* Note: release the context handle twice in this case to release
         * one ref being kept around for the data and one ref for the
         * unmarshall/marshall sequence */
-        if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE))
+        if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE))
            return; /* this is to cope with the case of the data not being valid
                     * before and so not having a further reference */
+        RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE);
    }
-    RPCRT4_RemoveThreadContextHandle(SContext);
-    RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
 }

 /***********************************************************************