[krbdev.mit.edu #5678] SVN Commit

Jeffrey Altman via RT rt-comment at krbdev.mit.edu
Fri Aug 24 10:33:18 EDT 2007


The credentials view in Network Identity Manager displays several user
interface elements that need to be updated periodically such as any
fields that denote the time remaining for a credential or an identity,
or an icon and coloring used to indicate the expiration state.  When
the display rows are computed, the credentials view creates a set of
timers that reference each row that times out when that row needs to
be redrawn.

Since the rows change when switching views or when the outline is
recomputed, all the timers are canceled and re-scheduled.  However, a
race conditions exists where the timer times-out before it is
canceled, in which case a WM_TIMER message is placed in the
credential window's message queue.  Windows does not support
canceling a timer that has already fired and has been placed on the
message queue.

By the time the WM_TIMER message is received by the window, the rows
of the display would have been recomputed and the row that the message
references may not be what it intended to reference. A spurious
WM_TIMER message is harmless when it refers to a row corresponding to
a credential.  However, the existing code assumed that if a timer event
is received that referred to an outline row, then that outline must be
an expanded view of an identity, which is currently the only type of
outline row that receives timers.  This assumption does not always
hold in the case of a spurious WM_TIMER message and may lead to the
code attempting to use the outline data as a handle to an identity.
The patch fixes the problem by checking if the row is actually an
expanded view of an identity and ignoring the message if it is not.


Commit By: jaltman



Revision: 19857
Changed Files:
U   trunk/src/windows/identity/ui/credwnd.c




More information about the krb5-bugs mailing list