From bea6fb6c7af551778cfe1c0e8412ef4ccf560808 Mon Sep 17 00:00:00 2001 From: Jon TURNEY Date: Sun, 22 Jan 2012 19:31:51 +0000 Subject: [PATCH] hw/xwin: Avoid WIN_WINDOW_PROP races during Windows window destruction The WIN_WINDOW_PROP is removed during WM_DESTROY handling, so it is not neccessary to remove it in winDestroyWindowsWindow(), and doing so opens a race condition, as we may attempt to access that property in the wndproc before the WM_DESTROY has completed. A specific example of that race is if a WM_KILLFOCUS occurs in the window between property removal and WM_DESTROY processing, where we will attempt to apply DeleteWindowFromAnyEvents() on an invalid (null) WindowPtr. Also guard against null WindowPtr in the WM_KILLFOCUS handler See http://cygwin.com/ml/cygwin-xfree/2012-01/msg00009.html Signed-off-by: Jon TURNEY Reviewed-by: Colin Harrison --- hw/xwin/winmultiwindowwindow.c | 2 -- hw/xwin/winmultiwindowwndproc.c | 8 +++++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/xwin/winmultiwindowwindow.c b/hw/xwin/winmultiwindowwindow.c index 2329d163e..aabde6b4a 100644 --- a/hw/xwin/winmultiwindowwindow.c +++ b/hw/xwin/winmultiwindowwindow.c @@ -638,8 +638,6 @@ winDestroyWindowsWindow (WindowPtr pWin) hIcon = (HICON)SendMessage(pWinPriv->hWnd, WM_GETICON, ICON_BIG, 0); hIconSm = (HICON)SendMessage(pWinPriv->hWnd, WM_GETICON, ICON_SMALL, 0); - SetProp (pWinPriv->hWnd, WIN_WINDOW_PROP, NULL); - /* Destroy the Windows window */ DestroyWindow (pWinPriv->hWnd); diff --git a/hw/xwin/winmultiwindowwndproc.c b/hw/xwin/winmultiwindowwndproc.c index 1d57a5182..19dad579c 100644 --- a/hw/xwin/winmultiwindowwndproc.c +++ b/hw/xwin/winmultiwindowwndproc.c @@ -713,9 +713,11 @@ winTopLevelWindowProc (HWND hwnd, UINT message, /* Remove our keyboard hook if it is installed */ winRemoveKeyboardHookLL (); - if (!wParam) - /* Revert the X focus as well, but only if the Windows focus is going to another window */ - DeleteWindowFromAnyEvents(pWin, FALSE); + + /* Revert the X focus as well, but only if the Windows focus is going to another window */ + if (!wParam && pWin) + DeleteWindowFromAnyEvents(pWin, FALSE); + return 0; case WM_SYSDEADCHAR: