[ros-kernel] ExAllocatePool

Filip Navara xnavara at volny.cz
Sun Feb 22 13:32:39 CET 2004 

Hi all!

As Waldo Alvarez Cañizares pointed in one of his emails, the 
ExAllocatePool function shouldn't zero out the memory returned. I tried 
to fix it, but it's very hard to guess where it's really needed to zero 
the memory or not. With the attached patch it's possible to boot and 
work in the GUI, but obviously some places were ommited and it can cause 
weird crashes (although I haven't seen any for a long time). I'm sending 
it here for verification and asking the kernel developers to review it. 
We really need to fix this bug as soon as possible, otherwise it will be 
even bigger pain to fix it then now.

Regards,
Filip

-------------- next part --------------
diff -r -u -w reactos/ntoskrnl/io/buildirp.c reactos/ntoskrnl/io/buildirp.c
--- reactos/ntoskrnl/io/buildirp.c	Sat Feb 14 17:34:12 2004
+++ reactos/ntoskrnl/io/buildirp.c	Sun Feb 22 09:42:16 2004
@@ -259,6 +259,13 @@
 	     RtlCopyMemory(Irp->AssociatedIrp.SystemBuffer,
 			   InputBuffer,
 			   InputBufferLength);
+	     RtlZeroMemory(Irp->AssociatedIrp.SystemBuffer + InputBufferLength,
+			   BufferLength - InputBufferLength);
+	  }
+	else
+	  {
+	     RtlZeroMemory(Irp->AssociatedIrp.SystemBuffer,
+			   BufferLength);
 	  }
 	Irp->UserBuffer = OutputBuffer;
 	break;
@@ -273,12 +280,13 @@
                ExAllocatePoolWithTag(NonPagedPool,OutputBufferLength, 
 				     TAG_SYS_BUF);
 
-	     
 	     if (Irp->AssociatedIrp.SystemBuffer == NULL)
 	       {
 		  IoFreeIrp(Irp);
 		  return(NULL);
 	       }
+
+			 RtlZeroMemory(Irp->AssociatedIrp.SystemBuffer, OutputBufferLength);
 	     Irp->UserBuffer = OutputBuffer;
 	  }
 	
diff -r -u -w reactos/ntoskrnl/io/irp.c reactos/ntoskrnl/io/irp.c
--- reactos/ntoskrnl/io/irp.c	Sat Feb 14 17:34:12 2004
+++ reactos/ntoskrnl/io/irp.c	Sun Feb 22 09:42:16 2004
@@ -200,6 +200,7 @@
       return(NULL);
     }
 
+  RtlZeroMemory(Irp, IoSizeOfIrp(StackSize));
   IoInitializeIrp(Irp,
 		  IoSizeOfIrp(StackSize),
 		  StackSize);
diff -r -u -w reactos/ntoskrnl/io/mdl.c reactos/ntoskrnl/io/mdl.c
--- reactos/ntoskrnl/io/mdl.c	Sat Feb 14 17:34:12 2004
+++ reactos/ntoskrnl/io/mdl.c	Sun Feb 22 09:42:16 2004
@@ -49,6 +49,7 @@
 				    MmSizeOfMdl(VirtualAddress,Length),
 				    TAG_MDL);
      }
+   RtlZeroMemory(Mdl, MmSizeOfMdl(VirtualAddress,Length));
    MmInitializeMdl(Mdl, (char*)VirtualAddress, Length);
    if (Irp!=NULL && !SecondaryBuffer)
      {
diff -r -u -w reactos/ntoskrnl/mm/aspace.c reactos/ntoskrnl/mm/aspace.c
--- reactos/ntoskrnl/mm/aspace.c	Sat Feb 14 17:34:12 2004
+++ reactos/ntoskrnl/mm/aspace.c	Sun Feb 22 09:42:16 2004
@@ -88,6 +88,7 @@
 	AddressSpace->PageTableRefCountTable = 
 	  ExAllocatePoolWithTag(NonPagedPool, 768 * sizeof(USHORT),
 				TAG_PTRC);
+	RtlZeroMemory(AddressSpace->PageTableRefCountTable, 768 * sizeof(USHORT));
 	AddressSpace->PageTableRefCountTableSize = 768;
      }
    else
diff -r -u -w reactos/ntoskrnl/mm/freelist.c reactos/ntoskrnl/mm/freelist.c
--- reactos/ntoskrnl/mm/freelist.c	Sat Feb 14 17:34:14 2004
+++ reactos/ntoskrnl/mm/freelist.c	Sun Feb 22 09:42:16 2004
@@ -718,7 +718,7 @@
 {
    ULONG Start = PhysicalAddress.u.LowPart / PAGE_SIZE;
 
-   DPRINT("MmGetReferenceCountPage(PhysicalAddress %x)\n", PhysicalAddress);
+   DPRINT("MmIsUsablePage(PhysicalAddress %x)\n", PhysicalAddress);
 
    if (PhysicalAddress.u.LowPart == 0)
      {
diff -r -u -w reactos/ntoskrnl/mm/npool.c reactos/ntoskrnl/mm/npool.c
--- reactos/ntoskrnl/mm/npool.c	Sat Feb 14 17:34:16 2004
+++ reactos/ntoskrnl/mm/npool.c	Sun Feb 22 09:42:16 2004
@@ -1633,7 +1633,7 @@
 #endif
    KeReleaseSpinLock(&MmNpoolLock, oldIrql);
    block = block_to_address(best);
-   memset(block,0,Size);
+   /* RtlZeroMemory(block, Size); */
    return(block);
 #endif /* WHOLE_PAGE_ALLOCATIONS */
 }
diff -r -u -w reactos/ntoskrnl/mm/pagefile.c reactos/ntoskrnl/mm/pagefile.c
--- reactos/ntoskrnl/mm/pagefile.c	Sat Feb 14 17:34:18 2004
+++ reactos/ntoskrnl/mm/pagefile.c	Sun Feb 22 09:42:16 2004
@@ -811,6 +811,8 @@
        return(STATUS_NO_MEMORY);
      }
 
+   RtlZeroMemory(CurrentRetDescList, Size);
+
 #if defined(__GNUC__)
    Vcn.QuadPart = 0LL;
 #else
@@ -858,6 +860,7 @@
                NtClose(FileHandle);
                return(STATUS_NO_MEMORY);
 	     }
+           RtlZeroMemory(CurrentRetDescList->Next, Size);
            Vcn.QuadPart = CurrentRetDescList->RetrievalPointers.Pair[CurrentRetDescList->RetrievalPointers.NumberOfPairs-1].Vcn;
 	   CurrentRetDescList = CurrentRetDescList->Next;
          }
@@ -881,6 +884,8 @@
        return(STATUS_NO_MEMORY);
      }
    
+   RtlZeroMemory(PagingFile, sizeof(*PagingFile));
+   
    PagingFile->FileObject = FileObject;
    PagingFile->MaximumSize.QuadPart = MaximumSize->QuadPart;
    PagingFile->CurrentSize.QuadPart = InitialSize->QuadPart;
@@ -924,6 +929,9 @@
       return(STATUS_NO_MEMORY);
    }
 
+   RtlZeroMemory(PagingFile->AllocMap, AllocMapSize * sizeof(ULONG));
+   RtlZeroMemory(PagingFile->RetrievalPointers, Size);
+
    Count = 0;
    PagingFile->RetrievalPointers->NumberOfPairs = ExtentCount;
    PagingFile->RetrievalPointers->StartVcn = RetDescList->RetrievalPointers.StartVcn;
diff -r -u -w reactos/ntoskrnl/mm/pool.c reactos/ntoskrnl/mm/pool.c
--- reactos/ntoskrnl/mm/pool.c	Sat Feb 14 17:34:18 2004
+++ reactos/ntoskrnl/mm/pool.c	Sun Feb 22 09:42:16 2004
@@ -23,11 +23,7 @@
 
 /* FUNCTIONS ***************************************************************/
 
-#if defined(__GNUC__)
-PVOID STDCALL STATIC
-#else
 STATIC PVOID STDCALL
-#endif
 EiAllocatePool(POOL_TYPE PoolType,
 	       ULONG NumberOfBytes,
 	       ULONG Tag,
@@ -35,7 +31,6 @@
 {
    PVOID Block;
   
-   
    switch(PoolType)
      {
       case NonPagedPool:
diff -r -u -w reactos/ntoskrnl/mm/ppool.c reactos/ntoskrnl/mm/ppool.c
--- reactos/ntoskrnl/mm/ppool.c	Sun Feb 15 22:12:38 2004
+++ reactos/ntoskrnl/mm/ppool.c	Sun Feb 22 09:42:16 2004
@@ -406,8 +406,7 @@
   ExReleaseFastMutex(&MmPagedPoolLock);
 
   BlockAddress = block_to_address ( NewBlock );
-
-  memset(BlockAddress, 0, NumberOfBytes);
+/*  RtlZeroMemory(BlockAddress, NumberOfBytes);*/
 
 #if MM_PPOOL_REDZONE_BYTES
   NewBlock->UserSize = NumberOfBytes;
diff -r -u -w reactos/ntoskrnl/mm/region.c reactos/ntoskrnl/mm/region.c
--- reactos/ntoskrnl/mm/region.c	Sat Feb 14 17:34:22 2004
+++ reactos/ntoskrnl/mm/region.c	Sun Feb 22 09:42:16 2004
@@ -84,6 +84,10 @@
       ExFreePool(NewRegion2);
       return(NULL);
     }
+
+  RtlZeroMemory(NewRegion1, sizeof(MM_REGION));
+  RtlZeroMemory(NewRegion2, sizeof(MM_REGION));
+
   NewRegion1->Type = NewType;
   NewRegion1->Protect = NewProtect;
   InternalLength = ((char*)InitialBaseAddress + InitialRegion->Length) - (char*)StartAddress;
@@ -276,6 +280,7 @@
 
   Region = ExAllocatePoolWithTag(NonPagedPool, sizeof(MM_REGION),
 				 TAG_MM_REGION);
+  RtlZeroMemory(Region, sizeof(MM_REGION));
   Region->Type = Type;
   Region->Protect = Protect;
   Region->Length = Length;
diff -r -u -w reactos/ntoskrnl/mm/section.c reactos/ntoskrnl/mm/section.c
--- reactos/ntoskrnl/mm/section.c	Sat Feb 14 17:34:32 2004
+++ reactos/ntoskrnl/mm/section.c	Sun Feb 22 09:42:16 2004
@@ -2322,6 +2322,7 @@
       ObDereferenceObject(Section);
       return(STATUS_NO_MEMORY);
     }
+  RtlZeroMemory(Segment, sizeof(MM_SECTION_SEGMENT));
   Section->Segment = Segment;
   Segment->ReferenceCount = 1;
   ExInitializeFastMutex(&Segment->Lock);
@@ -2539,6 +2540,7 @@
 	  ObDereferenceObject(FileObject);
 	  return(STATUS_NO_MEMORY);
 	}
+      RtlZeroMemory(Segment, sizeof(MM_SECTION_SEGMENT));
       Section->Segment = Segment;
       Segment->ReferenceCount = 1;
       ExInitializeFastMutex(&Segment->Lock);
@@ -2865,6 +2867,7 @@
 	    ExFreePool(ImageSections);
 	    return(STATUS_NO_MEMORY);
 	  }
+        RtlZeroMemory(ImageSectionObject, Size);
         Section->ImageSection = ImageSectionObject;
         ImageSectionObject->NrSegments = NrSegments;
 	ImageSectionObject->ImageBase = (PVOID)PEHeader.OptionalHeader.ImageBase;
diff -r -u -w reactos/ntoskrnl/mm/slab.c reactos/ntoskrnl/mm/slab.c
--- reactos/ntoskrnl/mm/slab.c	Sat Feb 14 17:34:32 2004
+++ reactos/ntoskrnl/mm/slab.c	Sun Feb 22 09:42:16 2004
@@ -84,6 +84,7 @@
     {
       return(NULL);
     }
+  RtlZeroMemory(Slab, sizeof(SLAB_CACHE));
 
   Slab->Constructor = Constructor;
   Slab->Destructor = Destructor;
diff -r -u -w reactos/ntoskrnl/ob/object.c reactos/ntoskrnl/ob/object.c
--- reactos/ntoskrnl/ob/object.c	Sat Feb 14 17:34:34 2004
+++ reactos/ntoskrnl/ob/object.c	Sun Feb 22 09:42:16 2004
@@ -377,6 +377,7 @@
 						 Type->Tag);
   if (Header == NULL)
     return STATUS_INSUFFICIENT_RESOURCES;
+  RtlZeroMemory(Header, OBJECT_ALLOC_SIZE(ObjectSize));
 
   /* Initialize the object header */
   Header->HandleCount = 0;
diff -r -u reactos/subsys/win32k/objects/text.c reactos/subsys/win32k/objects/text.c
--- reactos/subsys/win32k/objects/text.c	Sun Feb 22 08:35:22 2004
+++ reactos/subsys/win32k/objects/text.c	Sun Feb 22 11:06:48 2004
@@ -283,10 +283,11 @@
             {   
                 iFileData = NULL;
                 pBuff = ExAllocatePool(NonPagedPool,0x4000);
+                RtlZeroMemory(pBuff, 0x4000);
                 RtlInitUnicodeString(&cchFilename,0);
                 cchFilename.MaximumLength = 0x1000;
                 cchFilename.Buffer = ExAllocatePoolWithTag(PagedPool,cchFilename.MaximumLength, TAG_STRING);
- 
+                RtlZeroMemory(cchFilename.Buffer, cchFilename.MaximumLength);
                 cchFilename.Length = 0;
 				    
 				Status = NtQueryDirectoryFile( hDirectory,

More information about the Ros-kernel mailing list