Re: [PATCH 0/5] MR2988: uiautomationcore: Add support for raising in-process events.

6 Jun 2023


      Esme Povirk (@madewokherd) commented about dlls/uiautomationcore/uia_event.c:
...

int event_id = *((int *)key);

return (event_entry->event_id > event_id) - (event_entry->event_id < event_id);

+}


+static struct uia_event_map_entry *uia_get_event_map_entry_for_event(int event_id)
+{

struct uia_event_map_entry *map_entry = NULL;
struct rb_entry *rb_entry;

EnterCriticalSection(&event_map_cs);

if (uia_event_map.event_count && (rb_entry = rb_get(&uia_event_map.event_map, &event_id)))
   map_entry = RB_ENTRY_VALUE(rb_entry, struct uia_event_map_entry, entry);


LeaveCriticalSection(&event_map_cs);

I don't think this is safe. If you leave the critical section, the entry could be removed before you use it.
-- 
https://gitlab.winehq.org/wine/wine/-/merge_requests/2988#note_34816

2025

2024

2023

2022

Re: [PATCH 0/5] MR2988: uiautomationcore: Add support for raising in-process events.