[ros-dev] crash in usetup if an allocation size is given for a call to NtCreateFile

Hartmut Birr osexpert at gmail.com
Tue Oct 11 23:40:24 CEST 2005


Hi,

I've made some small changes in usetup for optimisation. One of them concerns 
the decompression of files from a cabinet container. If the destination 
file already exists, it is created with the create disposition FILE_OVERWRITE and 
without a pointer to the allocation size. If I add an allocation size 
pointer (cabinet.c.diff), usetup crashes after all files have been copied 
and the registry has been created.

(ntoskrnl\ke\exception.c:94) KiRaiseException
(ntoskrnl\ke\i386\exp.c:1306) Unhandled UserMode exception, terminating 
thread
Exception: -1160049408(0)
Processor: 0 CS:EIP 1b:12000 ?????
cr2 66f924 cr3 56a000 Proc: 8094a1f0 Pid: 5c <smss.exe> Thrd: 80954088 
Tid: 60
DS 23 ES 23 FS 3b GS 0
EAX: 00012000   EBX: 00000001   ECX: 0066fc18
EDX: 7c90a479   EBP: 0066ff54   ESI: 00000004   ESP: 807ebd64
EDI: 0066fc28   EFLAGS: 00000216 Frames:
<smss.exe:741b> subsys/system/usetup/console.c:660
<smss.exe:19c41> subsys/system/usetup/usetup.c:3321
<smss.exe:1a65e> subsys/system/usetup/usetup.c:3781
<0>

The address of the crash has nothing to do with the decompression of the 
install files. If I change IoCreateFile slightly so that the 
allocation size pointer is probed but not read (file.c.diff), usetup no longer crashes. 
Does anyone have an idea what is wrong?

- Hartmut

-------------- next part --------------
Index: subsys/system/usetup/cabinet.c
===================================================================
--- subsys/system/usetup/cabinet.c	(Revision 18300)
+++ subsys/system/usetup/cabinet.c	(Arbeitskopie)
@@ -859,6 +859,7 @@
   UnicodeString.Buffer = DestName + wcslen( DestName );
   UnicodeString.Length = 0;
   RtlAnsiStringToUnicodeString( &UnicodeString, &AnsiString, FALSE );
+  MaxDestFileSize.QuadPart = Search->File->FileSize;
 
   /* Create destination file, fail if it already exists */
   RtlInitUnicodeString(&UnicodeString,
@@ -884,7 +885,7 @@
 						  0);
   if (!NT_SUCCESS(NtStatus))
     {
-      DPRINT("NtCreateFile() failed (%S) (%x).\n", DestName, NtStatus);
+      DPRINT1("NtCreateFile() failed (%S) (%x).\n", DestName, NtStatus);
 
       /* If file exists, ask to overwrite file */
       if (OverwriteHandler == NULL || OverwriteHandler(Search->File, DestName))
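Review bot: The fallback in the last two lines of the hunk treats every NtCreateFile failure as "file exists" and goes on to the overwrite prompt, although the comment above it says it should only do so when the file exists; a path-not-found or access-denied error is thereby masked by a second create attempt whose own failure is then reported as CANNOT_CREATE. Gate the branch on the actual status, presumably STATUS_OBJECT_NAME_COLLISION for a create-if-absent disposition: `if (NtStatus != STATUS_OBJECT_NAME_COLLISION) return CAB_STATUS_CANNOT_CREATE;` placed right after the DPRINT1, so that only a genuine collision reaches the handler. The enclosing function continues outside the hunk.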
@@ -894,7 +895,7 @@
 								  GENERIC_READ | GENERIC_WRITE | SYNCHRONIZE,
 								  &ObjectAttributes,
 								  &IoStatusBlock,
-								  NULL,
+								  &MaxDestFileSize,
 								  FILE_ATTRIBUTE_NORMAL,
 								  0,
 								  FILE_OVERWRITE,
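Review bot: MaxDestFileSize is presumably an automatic LARGE_INTEGER in this function (it is assigned earlier in the patch), and on x86 the stack only guarantees 4-byte alignment; if the kernel's probe of the AllocationSize argument insists on 8-byte alignment, this call would fail with STATUS_DATATYPE_MISALIGNMENT instead of overwriting the file. Worth checking the alignment the kernel probe uses before attributing the problem to the read itself, and the DPRINT1 in the failure path below will show the status if that is what happens. Note that a probe failure would explain a failed create, not the user-mode fault in the report, so the two may be separate issues.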
@@ -903,7 +904,7 @@
 								  0);
           if (!NT_SUCCESS(NtStatus))
             {
-              DPRINT("NtCreateFile() failed 2 (%S) (%x).\n", DestName, NtStatus);
+              DPRINT1("NtCreateFile() failed 2 (%S) (%x).\n", DestName, NtStatus);
               return CAB_STATUS_CANNOT_CREATE;
             }
         }
@@ -913,7 +914,6 @@
           return CAB_STATUS_FILE_EXISTS;
         }
     }
-  MaxDestFileSize.QuadPart = Search->File->FileSize;
   NtStatus = NtCreateSection(&DestFileSection,
 							 SECTION_ALL_ACCESS,
 							 0,
@@ -964,7 +964,10 @@
     }
   else
     {
+//      memcpy(&FileBasic.CreationTime, &FileTime, sizeof(FILETIME));
       memcpy(&FileBasic.LastAccessTime, &FileTime, sizeof(FILETIME));
+//      memcpy(&FileBasic.LastWriteTime, &FileTime, sizeof(FILETIME));
+//      memcpy(&FileBasic.ChangeTime, &FileTime, sizeof(FILETIME));
 	  
       NtStatus = NtSetInformationFile(DestFile,
 									  &IoStatusBlock,
@@ -1050,6 +1053,7 @@
   Status = CAB_STATUS_SUCCESS;
  UnmapDestFile:
   NtUnmapViewOfSection(NtCurrentProcess(), DestFileBuffer);
+//  NtFlushBuffersFile(DestFile, &IoStatusBlock);
  CloseDestFileSection:
   NtClose(DestFileSection);
  CloseDestFile:
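Review bot: The commented-out NtFlushBuffersFile call on the success/cleanup path should either be dropped or enabled with its status checked; if it is left in as an open question, a comment such as `/* TODO: flush needed here? under investigation, see ros-dev thread */` is better than disabled code. The NtUnmapViewOfSection return value on the line above is also discarded; a DPRINT1 on failure there would help when chasing a crash that appears only after all files have been written. The cleanup labels continue outside the hunk.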
-------------- next part --------------
Index: ntoskrnl/io/file.c
===================================================================
--- ntoskrnl/io/file.c	(Revision 18300)
+++ ntoskrnl/io/file.c	(Arbeitskopie)
@@ -787,7 +787,11 @@
                      sizeof(ULONG));
        if(AllocationSize != NULL)
        {
-         SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);
+         ProbeForRead(AllocationSize,
+                      sizeof(LARGE_INTEGER),
+                      sizeof(ULONG));
+         SafeAllocationSize.QuadPart  = 0 /* AllocationSize->QuadPart */;
+//         SafeAllocationSize = ProbeForReadLargeInteger(AllocationSize);
        }
        else
          SafeAllocationSize.QuadPart = 0;
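Review bot: The replacement probes AllocationSize but then hard-codes SafeAllocationSize to zero, so every caller's allocation size is silently discarded; this is a debugging experiment and must not be committed as is. The intended form is a single captured read after the probe, `SafeAllocationSize.QuadPart = AllocationSize->QuadPart;`, kept inside the function's SEH try block (not visible in the hunk) so that a bad user pointer raises a handled exception instead of faulting the kernel, and read exactly once so the kernel never re-reads user memory after validating it. The fact that this variant passes sizeof(ULONG) as the alignment is itself a hint: if ProbeForReadLargeInteger requires 8-byte alignment, a LARGE_INTEGER in a usetup stack frame (4-byte aligned on x86) would be rejected with STATUS_DATATYPE_MISALIGNMENT — worth checking the macro, although that would produce a failed create rather than the user-mode fault in the report. IoCreateFile's body starts and ends outside the hunk.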

