[ros-diffs] [sir_richard] 49169: [RTL]: Fix a bug introduced Mon Dec 6 00:25:14 1999 UTC (10 years, 10 months ago) in revision 828. NtFreeVirtualMemory takes a pointer to the address to free, not the address i...

sir_richard at svn.reactos.org
Sat Oct 16 14:20:31 UTC 2010


Author: sir_richard
Date: Sat Oct 16 14:20:30 2010
New Revision: 49169

URL: http://svn.reactos.org/svn/reactos?rev=49169&view=rev
Log:
[RTL]: Fix a bug introduced Mon Dec 6 00:25:14 1999 UTC (10 years, 10 months ago) in revision 828. NtFreeVirtualMemory takes a pointer to the address to free, not the address instead. For the last 11 years, freeing the process parameter block resulted in freeing whatever the first value in the structure is, which is MaximumLength and initialized to 0x1000. ReactOS would then free whatever random address was in that area. In real Windows, it is illegal to free an allocation in the middle of the base address, and this call failed with the new VAD code. ReactOS either leaked the memory or freed random data, who knows.
[RTL]: Make the PPB live in the Heap instead of having its own virtual allocation, fixing the issue above. Stop rounding it to a PAGE_SIZE, and just use the space required.
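The indirection-level mistake described in the log is easy to misread, so here is an added, stand-alone C example (not ReactOS code and not part of the original commit mail). It models the NtFreeVirtualMemory contract with a constructed stub, `fake_NtFreeVirtualMemory`, that captures the caller's base-address variable the way the kernel does and applies the "must be the base of a live region" rule the log attributes to the new VAD code. `FAKE_PPB`, the region table, the return codes and the sample block contents are all constructed for the demonstration; a little-endian target is assumed when checking the bogus address.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 0x1000

/* Constructed stand-in for the leading fields of RTL_USER_PROCESS_PARAMETERS.
 * Only the first field matters for the bug: it is what the wrongly-cast call
 * ends up reading as the "base address". */
typedef struct {
    uint32_t MaximumLength;
    uint32_t Length;
    uint32_t Flags;
} FAKE_PPB;

/* Constructed stand-in for the VM manager's bookkeeping (VADs): a tiny table
 * of live regions keyed by base address. */
#define MAX_REGIONS 4
static struct { uintptr_t base; size_t size; int live; } regions[MAX_REGIONS];

static void vm_reset(void) { memset(regions, 0, sizeof regions); }

static int vm_allocate(const void *base, size_t size)
{
    for (int i = 0; i < MAX_REGIONS; i++) {
        if (!regions[i].live) {
            regions[i].base = (uintptr_t)base;
            regions[i].size = size;
            regions[i].live = 1;
            return 0;
        }
    }
    return -1;
}

static int vm_is_live(const void *base)
{
    for (int i = 0; i < MAX_REGIONS; i++)
        if (regions[i].live && regions[i].base == (uintptr_t)base)
            return 1;
    return 0;
}

/* Models NtFreeVirtualMemory(Process, BaseAddress, RegionSize, MEM_RELEASE).
 * BaseAddress is a pointer to the caller's variable holding the base; with
 * *RegionSize == 0 the whole region is released, and the captured value must
 * be exactly the base of a live region. Return codes are constructed:
 * 0 = released, 1 = inside a region but not its base, 2 = nothing mapped there.
 * The value is captured with memcpy, as a kernel copies a user pointer, so a
 * wrongly typed argument is honoured rather than trapped. */
static int fake_NtFreeVirtualMemory(void **BaseAddress, size_t *RegionSize)
{
    uintptr_t addr;
    memcpy(&addr, BaseAddress, sizeof addr);
    for (int i = 0; i < MAX_REGIONS; i++) {
        if (!regions[i].live)
            continue;
        if (addr == regions[i].base && *RegionSize == 0) {
            regions[i].live = 0;
            return 0;
        }
        if (addr > regions[i].base && addr < regions[i].base + regions[i].size)
            return 1;
    }
    return 2;
}

/* The r828 call shape: the block pointer is passed where a pointer-to-pointer
 * is expected, so the callee reads the block's first bytes (MaximumLength on
 * 32-bit; MaximumLength plus Length on 64-bit, little-endian) as the address. */
static int buggy_destroy(FAKE_PPB *ProcessParameters)
{
    size_t RegionSize = 0;
    return fake_NtFreeVirtualMemory((void **)ProcessParameters, &RegionSize);
}

/* The address the buggy call actually hands to the VM manager. */
static uintptr_t buggy_target(FAKE_PPB *ProcessParameters)
{
    uintptr_t addr;
    memcpy(&addr, ProcessParameters, sizeof addr);
    return addr;
}

/* The correct shape: a local holds the base and its address is passed. */
static int correct_destroy(FAKE_PPB *ProcessParameters)
{
    size_t RegionSize = 0;
    void *Base = ProcessParameters;
    return fake_NtFreeVirtualMemory(&Base, &RegionSize);
}

/* An address inside the block but not its base is rejected by the VAD rule. */
static int destroy_from_middle(FAKE_PPB *ProcessParameters)
{
    size_t RegionSize = 0;
    void *Base = (unsigned char *)ProcessParameters + 0x10;
    return fake_NtFreeVirtualMemory(&Base, &RegionSize);
}

/* Constructed scenario: a block standing in for the old page-rounded PPB
 * allocation, registered as a live region with the values from the log. */
static unsigned char ppb_storage[PAGE_SIZE];

static FAKE_PPB *setup_ppb(void)
{
    FAKE_PPB *ppb = (FAKE_PPB *)ppb_storage;
    vm_reset();
    vm_allocate(ppb_storage, PAGE_SIZE);
    ppb->MaximumLength = PAGE_SIZE;   /* the 0x1000 named in the log */
    ppb->Length = 0x3a8;              /* constructed */
    ppb->Flags = 0;
    return ppb;
}

int main(void)
{
    FAKE_PPB *ppb = setup_ppb();
    int st = buggy_destroy(ppb);
    printf("buggy: tries to free 0x%lx, status %d, PPB still live: %d\n",
           (unsigned long)buggy_target(ppb), st, vm_is_live(ppb));
    st = correct_destroy(ppb);
    printf("correct: status %d, PPB still live: %d\n", st, vm_is_live(ppb));
    return 0;
}
```

The buggy path never reaches the PPB's own region: the VM manager is asked about 0x1000 (or whatever MaximumLength and Length combine to), and the block that should have been released stays live, which is the leak the log describes; the correct path releases it on the first call and fails on a second one.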

Modified:
    trunk/reactos/lib/rtl/ppb.c

Modified: trunk/reactos/lib/rtl/ppb.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/ppb.c?rev=49169&r1=49168&r2=49169&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/ppb.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/ppb.c [iso-8859-1] Sat Oct 16 14:20:30 2010
@@ -53,9 +53,7 @@
 			   PUNICODE_STRING ShellInfo,
 			   PUNICODE_STRING RuntimeData)
 {
-   NTSTATUS Status = STATUS_SUCCESS;
    PRTL_USER_PROCESS_PARAMETERS Param = NULL;
-   SIZE_T RegionSize = 0;
    ULONG Length = 0;
    PWCHAR Dest;
    UNICODE_STRING EmptyString;
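Review bot: dropping the `NTSTATUS Status` and `SIZE_T RegionSize` locals in the declarations is only safe if no other path in RtlCreateProcessParameters still assigns or returns them; this diff touches only the allocation site, so confirm the parts of the function outside these hunks (for example other error returns that release the PEB lock) no longer reference `Status`, otherwise the file will not build.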
@@ -121,23 +119,16 @@
    Length += ALIGN(RuntimeData->MaximumLength, sizeof(ULONG));
 
    /* Calculate the required block size */
-   RegionSize = ROUND_UP(Length, PAGE_SIZE);
-
-   Status = ZwAllocateVirtualMemory(NtCurrentProcess(),
-				    (PVOID*)&Param,
-				    0,
-				    &RegionSize,
-				    MEM_RESERVE | MEM_COMMIT,
-				    PAGE_READWRITE);
-   if (!NT_SUCCESS(Status))
+   Param = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
+   if (!Param)
      {
 	RtlReleasePebLock();
-	return Status;
+	return STATUS_INSUFFICIENT_RESOURCES;
      }
 
    DPRINT ("Process parameters allocated\n");
 
-   Param->MaximumLength = RegionSize;
+   Param->MaximumLength = Length;
    Param->Length = Length;
    Param->Flags = RTL_USER_PROCESS_PARAMETERS_NORMALIZED;
    Param->Environment = Environment;
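Review bot: `RtlAllocateHeap(RtlGetProcessHeap(), 0, Length)` drops the zero-fill that the old `MEM_RESERVE | MEM_COMMIT` allocation gave for free, so any field of the block not explicitly assigned after `Param->Environment = Environment;` now holds stale heap contents instead of zero; pass `HEAP_ZERO_MEMORY` as the flags (or memset the block to `Length`) to keep the previous guarantee. Note also that with `Param->MaximumLength = Length;` there is no longer any slack between Length and the end of the block, so check that nothing later relies on room up to the old page boundary.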
@@ -219,15 +210,12 @@
 /*
  * @implemented
  */
-NTSTATUS NTAPI
-RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
-{
-   SIZE_T RegionSize = 0;
-
-   return ZwFreeVirtualMemory (NtCurrentProcess (),
-			(PVOID)ProcessParameters,
-			&RegionSize,
-			MEM_RELEASE);
+NTSTATUS
+NTAPI
+RtlDestroyProcessParameters(IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
+{
+   RtlFreeHeap(RtlGetProcessHeap(), 0, ProcessParameters);
+   return STATUS_SUCCESS;
 }
 
 /*
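Review bot: `RtlFreeHeap` returns a BOOLEAN and the new body discards it, so a pointer that did not come from the process heap (for example a parameter block the process received from its creator in a separate virtual allocation rather than one built by RtlCreateProcessParameters in this file) is now reported as STATUS_SUCCESS even though nothing was freed; return a failure status when `RtlFreeHeap` returns FALSE, and audit callers so that only blocks allocated by RtlCreateProcessParameters reach this function now that the allocator has changed. Minor style point: the new `IN` annotation on the parameter is inconsistent with the rest of this file as shown (the PUNICODE_STRING parameters in the first hunk carry no annotations).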
