[ros-diffs] [fireball] 36719: - Fix a memory leak in IopUnloadDriver. - Driver object temporary was not marked temporary, thus it wasn't really deleted after reference counter reached 0. Fix this (inspired by bug #3501). See issue #3501 for more details.

fireball at svn.reactos.org fireball at svn.reactos.org
Sat Oct 11 19:39:13 CEST 2008 

Author: fireball
Date: Sat Oct 11 12:39:12 2008
New Revision: 36719

URL: http://svn.reactos.org/svn/reactos?rev=36719&view=rev
Log:
- Fix a memory leak in IopUnloadDriver.
- Driver object temporary was not marked temporary, thus it wasn't really deleted after reference counter reached 0. Fix this (inspired by bug #3501).
See issue #3501 for more details.

Modified:
    trunk/reactos/ntoskrnl/io/iomgr/driver.c

Modified: trunk/reactos/ntoskrnl/io/iomgr/driver.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/driver.c?rev=36719&r1=36718&r2=36719&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/io/iomgr/driver.c [iso-8859-1] Sat Oct 11 12:39:12 2008
@@ -1010,21 +1010,25 @@
    /*
     * Find the driver object
     */
-
-   Status = ObReferenceObjectByName(&ObjectName, 0, 0, 0, IoDriverObjectType,
-      KernelMode, 0, (PVOID*)&DriverObject);
+   Status = ObReferenceObjectByName(&ObjectName,
+                                    0,
+                                    0,
+                                    0,
+                                    IoDriverObjectType,
+                                    KernelMode,
+                                    0,
+                                    (PVOID*)&DriverObject);
+
+   /*
+    * Free the buffer for driver object name
+    */
+   ExFreePool(ObjectName.Buffer);
 
    if (!NT_SUCCESS(Status))
    {
       DPRINT1("Can't locate driver object for %wZ\n", &ObjectName);
       return Status;
    }
-
-   /*
-    * Free the buffer for driver object name
-    */
-
-   ExFreePool(ObjectName.Buffer);
 
    /*
     * Get path of service...
@@ -1097,9 +1101,14 @@
              FALSE, NULL);
       }
 
-      /* Unload the driver */
+      /* Mark the driver object temporary, so it could be deleted later */
+      ObMakeTemporaryObject(DriverObject);
+
+      /* Dereference it 2 times */
       ObDereferenceObject(DriverObject);
       ObDereferenceObject(DriverObject);
+
+      /* Unload the driver */
       MmUnloadSystemImage(DriverObject->DriverSection);
 
       return STATUS_SUCCESS;

More information about the Ros-diffs mailing list