From 24019bb216654a88224e11de2cf917c250c12ac7 Mon Sep 17 00:00:00 2001
From: Chris Eibl <138194463+chris-eibl@users.noreply.github.com>
Date: Tue, 20 May 2025 23:21:25 +0200
Subject: [PATCH] GH-130727: Avoid race condition in _wmimodule by copying
shared data (GH-134313) (cherry picked from commit
e4fbfb12889013fd52565cd2598a366754cb677b)
Co-authored-by: Chris Eibl <138194463+chris-eibl@users.noreply.github.com>
---
...-05-20-21-43-20.gh-issue-130727.-69t4D.rst | 2 ++
PC/_wmimodule.cpp | 22 +++++++++----------
2 files changed, 13 insertions(+), 11 deletions(-)
create mode 100644 Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
diff --git a/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
new file mode 100644
index 00000000000000..dc10b3e62c8d4a
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2025-05-20-21-43-20.gh-issue-130727.-69t4D.rst
@@ -0,0 +1,2 @@
+Fix a race in internal calls into WMI that can result in an "invalid handle"
+exception under high load. Patch by Chris Eibl.
diff --git a/PC/_wmimodule.cpp b/PC/_wmimodule.cpp
index 3a59e78f171526..58cb9a8c463ed8 100644
--- a/PC/_wmimodule.cpp
+++ b/PC/_wmimodule.cpp
@@ -57,11 +57,11 @@ _query_thread(LPVOID param)
IEnumWbemClassObject* enumerator = NULL;
HRESULT hr = S_OK;
BSTR bstrQuery = NULL;
- struct _query_data *data = (struct _query_data*)param;
+ _query_data data = *(struct _query_data*)param;
// gh-125315: Copy the query string first, so that if the main thread gives
// up on waiting we aren't left with a dangling pointer (and a likely crash)
- bstrQuery = SysAllocString(data->query);
+ bstrQuery = SysAllocString(data.query);
if (!bstrQuery) {
hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
}
@@ -71,7 +71,7 @@ _query_thread(LPVOID param)
}
if (FAILED(hr)) {
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
if (bstrQuery) {
SysFreeString(bstrQuery);
}
@@ -96,7 +96,7 @@ _query_thread(LPVOID param)
IID_IWbemLocator, (LPVOID *)&locator
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->initEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.initEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -105,7 +105,7 @@ _query_thread(LPVOID param)
NULL, NULL, 0, NULL, 0, 0, &services
);
}
- if (SUCCEEDED(hr) && !SetEvent(data->connectEvent)) {
+ if (SUCCEEDED(hr) && !SetEvent(data.connectEvent)) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr)) {
@@ -143,7 +143,7 @@ _query_thread(LPVOID param)
if (FAILED(hr) || got != 1 || !value) {
continue;
}
- if (!startOfEnum && !WriteFile(data->writePipe, (LPVOID)L"\0", 2, &written, NULL)) {
+ if (!startOfEnum && !WriteFile(data.writePipe, (LPVOID)L"\0", 2, &written, NULL)) {
hr = HRESULT_FROM_WIN32(GetLastError());
break;
}
@@ -171,10 +171,10 @@ _query_thread(LPVOID param)
DWORD cbStr1, cbStr2;
cbStr1 = (DWORD)(wcslen(propName) * sizeof(propName[0]));
cbStr2 = (DWORD)(wcslen(propStr) * sizeof(propStr[0]));
- if (!WriteFile(data->writePipe, propName, cbStr1, &written, NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"=", 2, &written, NULL) ||
- !WriteFile(data->writePipe, propStr, cbStr2, &written, NULL) ||
- !WriteFile(data->writePipe, (LPVOID)L"\0", 2, &written, NULL)
+ if (!WriteFile(data.writePipe, propName, cbStr1, &written, NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"=", 2, &written, NULL) ||
+ !WriteFile(data.writePipe, propStr, cbStr2, &written, NULL) ||
+ !WriteFile(data.writePipe, (LPVOID)L"\0", 2, &written, NULL)
) {
hr = HRESULT_FROM_WIN32(GetLastError());
}
@@ -200,7 +200,7 @@ _query_thread(LPVOID param)
locator->Release();
}
CoUninitialize();
- CloseHandle(data->writePipe);
+ CloseHandle(data.writePipe);
return (DWORD)hr;
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy