[ros-diffs] [fireball] 30564: - Reference/dereference the file object when working with it in the context of MPW thread. This prevents massive file operations (like copying) to crash ReactOS with writing to a freed memory exception.

fireball at svn.reactos.org fireball at svn.reactos.org
Mon Nov 19 00:11:20 CET 2007


Author: fireball
Date: Mon Nov 19 02:11:20 2007
New Revision: 30564

URL: http://svn.reactos.org/svn/reactos?rev=30564&view=rev
Log:
- Reference/dereference the file object when working with it in the context of the MPW thread. This prevents massive file operations (like copying) from crashing ReactOS with a write-to-freed-memory exception.

Modified:
    trunk/reactos/ntoskrnl/cc/view.c

Modified: trunk/reactos/ntoskrnl/cc/view.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/cc/view.c?rev=30564&r1=30563&r2=30564&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/cc/view.c (original)
+++ trunk/reactos/ntoskrnl/cc/view.c Mon Nov 19 02:11:20 2007
@@ -237,10 +237,16 @@
         current = CONTAINING_RECORD(current_entry, CACHE_SEGMENT,
                                     DirtySegmentListEntry);
         current_entry = current_entry->Flink;
-        
+
+        /* This Ros-specific function needs FileObject to be referenced,
+           ohterwise it may be deleted while this function still works
+           with it */
+        ObReferenceObject(current->Bcb->FileObject);
+
         Locked = ExTryToAcquireResourceExclusiveLite(((FSRTL_COMMON_FCB_HEADER*)(current->Bcb->FileObject->FsContext))->Resource);
         if (!Locked)
         {
+            ObDereferenceObject(current->Bcb->FileObject);
             continue;
         }
         
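Review bot: The reference is taken on `current->Bcb->FileObject`, but every later release re-reads that same pointer chain (here and in the hunks at -248, -256 and -267). If `current->Bcb` or its `FileObject` field can change or be freed while the segment is being flushed, the dereference lands on a different or stale object and the count goes out of balance. Capturing the pointer once keeps each reference/dereference pair on the same object: `PFILE_OBJECT FileObject = current->Bcb->FileObject;` then `ObReferenceObject(FileObject);` and `ObDereferenceObject(FileObject);` on each exit path. The hunk does not show what keeps the file object alive up to the `ObReferenceObject` call itself, so the comment should name the lock or other guarantee that makes taking the reference safe; it also has a typo, "ohterwise". The enclosing loop and function start and end outside the hunk.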
@@ -248,6 +254,7 @@
         if (!Locked)
         {
             ExReleaseResourceLite(((FSRTL_COMMON_FCB_HEADER*)(current->Bcb->FileObject->FsContext))->Resource);
+            ObDereferenceObject(current->Bcb->FileObject);
             continue;
         }
         
@@ -256,6 +263,7 @@
         {
             ExReleasePushLock(&current->Lock);
             ExReleaseResourceLite(((FSRTL_COMMON_FCB_HEADER*)(current->Bcb->FileObject->FsContext))->Resource);
+            ObDereferenceObject(current->Bcb->FileObject);
             continue;
         }
         
@@ -267,6 +275,7 @@
 
         ExReleasePushLock(&current->Lock);
         ExReleaseResourceLite(((FSRTL_COMMON_FCB_HEADER*)(current->Bcb->FileObject->FsContext))->Resource);
+        ObDereferenceObject(current->Bcb->FileObject);
 
         if (!NT_SUCCESS(Status) &&  (Status != STATUS_END_OF_FILE))
         {
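Review bot: The `ObDereferenceObject` added after `ExReleaseResourceLite` may drop the last reference to the file object, which would run the object's close/delete path in this thread at this point in the loop. The hunk does not show which locks the dirty-segment walk holds. If a cache-wide lock is held here, that teardown could re-enter the cache manager under it, so confirm the path is safe or defer the dereference until the lock is released. A short comment at the call would record the constraint, for example `/* may be the last reference; must not hold <lock> here */`. The `if (!NT_SUCCESS(Status) ...` block that follows continues outside the hunk.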



