From 79a08ecd18c4d00bc1cc48cb0d81fe9ed49c97c3 Mon Sep 17 00:00:00 2001
From: Leonard Hecker
Date: Wed, 2 Mar 2022 00:02:08 +0100
Subject: [PATCH] Fix fail-fast due to unlocked FreeProcessData call (#12599)
2b202ce6 introduced a bug, where FreeProcessData was called without the console lock being held. The previous code can be found in 40e3dea, on line 441-454.
## PR Checklist
* [x] Closes MSFT:21372705
* [x] I work here
* [x] Tests added/passed
## Validation Steps Performed
None, as this fix is purely theoretic, but it matches the stack trace and 40e3dea clearly wasn't correctly ported to strict C++ either.
---
 src/server/IoDispatchers.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/server/IoDispatchers.cpp b/src/server/IoDispatchers.cpp
index f52cba56c7d..e19526cccf5 100644
--- a/src/server/IoDispatchers.cpp
+++ b/src/server/IoDispatchers.cpp
@@ -288,8 +288,6 @@ PCONSOLE_API_MSG IoDispatchers::ConsoleHandleConnectionRequest(_In_ PCONSOLE_API
 LockConsole();
 const auto cleanup = wil::scope_exit([&]() noexcept {
- UnlockConsole();
-
 if (!NT_SUCCESS(Status))
 {
 pReceiveMsg->SetReplyStatus(Status);
@@ -299,6 +297,9 @@ PCONSOLE_API_MSG IoDispatchers::ConsoleHandleConnectionRequest(_In_ PCONSOLE_API
 gci.ProcessHandleList.FreeProcessData(ProcessData);
 }
 }
+
+ // FreeProcessData() above requires the console to be locked.
+ UnlockConsole();
 });
 DWORD const dwProcessId = (DWORD)pReceiveMsg->Descriptor.Process;
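Review bot: The ordering this fix depends on (failure cleanup first, `UnlockConsole()` last) is enforced in the second hunk only by statement position and the comment `// FreeProcessData() above requires the console to be locked.`, so a later edit to the lambda can silently reintroduce the unlocked call. Consider giving the unlock its own guard declared directly after `LockConsole();`, for example `const auto unlock = wil::scope_exit([&]() noexcept { UnlockConsole(); });`, and keeping `cleanup` declared after it; guards run in reverse declaration order, so the failure path would always execute while the console lock is held. The lambda lines between the two hunks and the rest of ConsoleHandleConnectionRequest are outside the hunks, so confirm nothing else in the function releases the lock early or dismisses `cleanup`. The description reports no validation, so a regression test that drives a failing connection request through this path would be worth adding.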