From f6a29a1e73a4ad4bba7eac7be3d37266548684a9 Mon Sep 17 00:00:00 2001
From: Rob Shearman
Date: Sun, 30 Dec 2007 16:45:19 +0000
Subject: [PATCH] rpcrt4: Fix a case of destroying a context handle without first releasing the lock.

Reverse the order of the release statements in NDRSContextMarshall2 for the case where the context handle doesn't have valid data so that the release that releases the lock comes first and then the optional second release doesn't need to release the lock.
---
 dlls/rpcrt4/ndr_contexthandle.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/dlls/rpcrt4/ndr_contexthandle.c b/dlls/rpcrt4/ndr_contexthandle.c
index 7b3c3fd99fc..21d87473830 100644
--- a/dlls/rpcrt4/ndr_contexthandle.c
+++ b/dlls/rpcrt4/ndr_contexthandle.c
@@ -259,21 +259,25 @@ void WINAPI NDRSContextMarshall2(RPC_BINDING_HANDLE hBinding,
 RpcRaiseException(status);
 ndr->attributes = 0;
 RpcContextHandle_GetUuid(SContext, &ndr->uuid);
+
+ RPCRT4_RemoveThreadContextHandle(SContext);
+ RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
 }
 else
 {
 if (!RpcContextHandle_IsGuardCorrect(SContext, CtxGuard))
 RpcRaiseException(ERROR_INVALID_HANDLE);
 memset(ndr, 0, sizeof(*ndr));
+
+ RPCRT4_RemoveThreadContextHandle(SContext);
 /* Note: release the context handle twice in this case to release
 * one ref being kept around for the data and one ref for the
 * unmarshall/marshall sequence */
- if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE))
+ if (!RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE))
 return; /* this is to cope with the case of the data not being valid
 * before and so not having a further reference */
+ RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE);
 }
- RPCRT4_RemoveThreadContextHandle(SContext);
- RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, TRUE);
 }

 /***********************************************************************
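Review bot: The second `RpcServerAssoc_ReleaseContextHandle(binding->Assoc, SContext, FALSE);` in the else branch now runs after the first call has already dropped the lock, so it is safe only if no other thread can release the remaining data reference in that window, and the hunk does not state that invariant. I would add a comment above it such as `/* lock was released by the call above; this drops the ref kept for the data, assumed not releasable by another thread here */`, and confirm the assumption against RpcServerAssoc_ReleaseContextHandle, which is not visible in this hunk. Separately, `RpcRaiseException(ERROR_INVALID_HANDLE);` and the earlier `RpcRaiseException(status);` still fire before the remove/release pair, so those paths appear to leave the handle locked and referenced unless cleanup happens elsewhere. NDRSContextMarshall2 begins above the hunk, so the branch condition and the first raise's guard cannot be checked from here.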