diff --git a/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
new file mode 100644
index 00000000000000..dc10b3e62c8d4a
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
@@ -0,0 +1,2 @@
+Fix a race in internal calls into WMI that can result in an "invalid handle"
+exception under high load. Patch by Chris Eibl.
diff --git a/PC/_wmimodule.cpp b/PC/_wmimodule.cpp
index b6efb3e4a207b4..30d61c86587fbe 100644
--- a/PC/_wmimodule.cpp
+++ b/PC/_wmimodule.cpp
@@ -57,11 +57,11 @@ _query_thread(LPVOID param)
IEnumWbemClassObject* enumerator = NULL;
HRESULT hr = S_OK;
BSTR bstrQuery = NULL;
- struct _query_data *data = (struct _query_data*)param;
+ _query_data data = *(struct _query_data*)param;
// gh-125315: Copy the query string first, so that if the main thread gives
// up on waiting we aren't left with a dangling pointer (and a likely crash)
- bstrQuery = SysAllocString(data->query);
+ bstrQuery = SysAllocString(data.query);
if (!bstrQuery) {
hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
}
@@ -71,7 +71,7 @@ _query_thread(LPVOID param)
}
if (FAILED(hr)) {
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
if (bstrQuery) {
SysFreeString(bstrQuery);
}
@@ -96,7 +96,7 @@ _query_thread(LPVOID param)
IID_IWbemLocator, (LPVOID *)&locator
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->initEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.initEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -105,7 +105,7 @@ _query_thread(LPVOID param)
NULL, NULL, 0, NULL, 0, 0, &services
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->connectEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.connectEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -143,7 +143,7 @@ _query_thread(LPVOID param)
if (FAILED(hr) || got != 1 || !value) {
continue;
}
- if (!startOfEnum && !WriteFile(data->writePipe, (LPVOID)L"\0", 2, &written, NULL)) {
+ if (!startOfEnum && !WriteFile(data.writePipe, (LPVOID)L"\0", 2, &written, NULL)) {
hr = HRESULT_FROM_WIN32(GetLastError());
break;
}
@@ -171,10 +171,10 @@ _query_thread(LPVOID param)
DWORD cbStr1, cbStr2;
cbStr1 = (DWORD)(wcslen(propName) * sizeof(propName[0]));
cbStr2 = (DWORD)(wcslen(propStr) * sizeof(propStr[0]));
- if (!WriteFile(data->writePipe, propName, cbStr1, &written, NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"=", 2, &written, NULL) ||
- !WriteFile(data->writePipe, propStr, cbStr2, &written, NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"\0", 2, &written, NULL)
+ if (!WriteFile(data.writePipe, propName, cbStr1, &written, NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"=", 2, &written, NULL) ||
+ !WriteFile(data.writePipe, propStr, cbStr2, &written, NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"\0", 2, &written, NULL)
) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
@@ -200,7 +200,7 @@ _query_thread(LPVOID param)
locator->Release();
}
CoUninitialize();
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
return (DWORD)hr;
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy