[ros-diffs] [fireball] 35836: - Fix two major problems in CmpCleanUpKcbCacheWithLock: * Accessing (reading and writing - corruption!) freed paged pool memory. * Lacking a dereference of a parent key. - Fix a typo in the comment ("reference" -> "dereference").
fireball at svn.reactos.org
fireball at svn.reactos.org
Sun Aug 31 18:24:29 CEST 2008
Author: fireball
Date: Sun Aug 31 11:24:29 2008
New Revision: 35836
URL: http://svn.reactos.org/svn/reactos?rev=35836&view=rev
Log:
- Fix two major problems in CmpCleanUpKcbCacheWithLock:
* Accessing (reading and writing - corruption!) freed paged pool memory.
* Lacking a dereference of a parent key.
- Fix a typo in the comment ("reference" -> "dereference").
Modified:
trunk/reactos/ntoskrnl/config/cmkcbncb.c
Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmkcbncb.c?rev=35836&r1=35835&r2=35836&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] Sun Aug 31 11:24:29 2008
@@ -483,7 +483,7 @@
/* Cleanup the value cache */
CmpCleanUpKcbValueCache(Kcb);
- /* Reference the NCB */
+ /* Dereference the NCB */
CmpDereferenceNameControlBlockWithLock(Kcb->NameBlock);
/* Check if we have an index hint block and free it */
@@ -492,10 +492,10 @@
/* Check if we were already deleted */
Parent = Kcb->ParentKcb;
if (!Kcb->Delete) CmpRemoveKeyControlBlock(Kcb);
-
+
/* Set invalid KCB signature */
Kcb->Signature = CM_KCB_INVALID_SIGNATURE;
-
+
/* Free the KCB as well */
CmpFreeKeyControlBlock(Kcb);
@@ -504,8 +504,8 @@
{
/* Dereference the parent */
LockHeldExclusively ?
- CmpDereferenceKeyControlBlockWithLock(Kcb,LockHeldExclusively) :
- CmpDelayDerefKeyControlBlock(Kcb);
+ CmpDereferenceKeyControlBlockWithLock(Parent,LockHeldExclusively) :
+ CmpDelayDerefKeyControlBlock(Parent);
}
}
More information about the Ros-diffs
mailing list