[ros-diffs] [hpoussin] 35921: ExAllocatePoolWithTag should be paired with ExFreePoolWithTag Fix a memory leak in W32kGetDefaultKeyLayout Fix a possible double-free in IntFreeMenuItem

hpoussin at svn.reactos.org hpoussin at svn.reactos.org
Thu Sep 4 10:47:56 CEST 2008


Author: hpoussin
Date: Thu Sep  4 03:47:56 2008
New Revision: 35921

URL: http://svn.reactos.org/svn/reactos?rev=35921&view=rev
Log:
ExAllocatePoolWithTag should be paired with ExFreePoolWithTag
Fix a memory leak in W32kGetDefaultKeyLayout
Fix a possible double-free in IntFreeMenuItem

Modified:
    trunk/reactos/subsystems/win32/win32k/include/tags.h
    trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c
    trunk/reactos/subsystems/win32/win32k/ntuser/kbdlayout.c
    trunk/reactos/subsystems/win32/win32k/ntuser/menu.c
    trunk/reactos/subsystems/win32/win32k/ntuser/window.c
    trunk/reactos/subsystems/win32/win32k/objects/dc.c
    trunk/reactos/subsystems/win32/win32k/objects/text.c

Modified: trunk/reactos/subsystems/win32/win32k/include/tags.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/include/tags.h?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/include/tags.h [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/include/tags.h [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -2,6 +2,7 @@
 #define _WIN32K_TAGS_H
 
 #define TAG_STRING      TAG('S', 'T', 'R', ' ') /* string */
+#define TAG_RTLREGISTRY TAG('R', 'q', 'r', 'v') /* RTL registry */
 
 /* ntuser */
 #define TAG_MOUSE       TAG('M', 'O', 'U', 'S') /* mouse */
@@ -87,6 +88,7 @@
 #define TAG_DRIVER      TAG('G', 'D', 'R', 'V') /* video drivers */
 #define TAG_FNTFILE     TAG('F', 'N', 'T', 'F') /* font file */
 #define TAG_SSECTPOOL   TAG('S', 'S', 'C', 'P') /* shared section pool */
+#define TAG_PFF         TAG('G', 'p', 'f', 'f') /* physical font file */
 
 /* Dx internal tags rember I do not known if it right namees */
 #define TAG_DXPVMLIST   TAG('D', 'X', 'P', 'L') /* pmvlist for the driver */

Modified: trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/desktop.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -355,7 +355,7 @@
                                   NULL,
                                   (HANDLE*)hWinSta);
 
-      RtlFreeUnicodeString(&FullName);
+      ExFreePoolWithTag(FullName.Buffer, TAG_STRING);
 
       if(!NT_SUCCESS(Status))
       {
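Review bot: The replacement free on `FullName.Buffer` drops two things RtlFreeUnicodeString did: it skipped a NULL Buffer, and it cleared the UNICODE_STRING afterwards, so `FullName` now keeps a stale pointer after the call. Whether Buffer can be NULL at this point depends on how FullName is built, which is outside the hunk. If that is not guaranteed, guard the call with `if (FullName.Buffer)` and follow it with `RtlInitUnicodeString(&FullName, NULL);` so that a later cleanup path cannot free the buffer again. The same unguarded pattern recurs in the next desktop.c hunk, in kbdlayout.c (`LayoutFile.Buffer`), in window.c (`SafeMessageName.Buffer`) and in the dc.c `RegistryPath`/`DriverFileNames` frees.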
@@ -389,7 +389,7 @@
                                   NULL,
                                   (HANDLE*)hDesktop);
 
-      RtlFreeUnicodeString(&FullName);
+      ExFreePoolWithTag(FullName.Buffer, TAG_STRING);
 
       if(!NT_SUCCESS(Status))
       {
@@ -931,11 +931,12 @@
    {
       SetLastNtError(STATUS_INSUFFICIENT_RESOURCES);
       ObDereferenceObject(WinStaObject);
-	  if (lpszDesktopName)
-         RtlFreeUnicodeString(&SafeDesktopName);
+      if (lpszDesktopName)
+         ExFreePoolWithTag(SafeDesktopName.Buffer, TAG_STRING);
       RETURN( NULL);
    }
-   RtlFreeUnicodeString(&SafeDesktopName);
+   if (lpszDesktopName)
+      ExFreePoolWithTag(SafeDesktopName.Buffer, TAG_STRING);
    ObDereferenceObject(WinStaObject);
 
    /*
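Review bot: Both new guards test `lpszDesktopName`, the caller's pointer, rather than the buffer that is actually released. The free is therefore only correct if a non-NULL `lpszDesktopName` always yields a non-NULL `SafeDesktopName.Buffer`, and the code that captures the string is outside the hunk, so this cannot be confirmed here. Testing the thing being freed, `if (SafeDesktopName.Buffer) ExFreePoolWithTag(SafeDesktopName.Buffer, TAG_STRING);`, removes that dependency, provided SafeDesktopName is initialised empty when no name is passed. The hunk at -1138 uses the same `lpszDesktopName` guard.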
@@ -963,7 +964,7 @@
    if (!NT_SUCCESS(Status)) RETURN(NULL);
    if (Status == STATUS_OBJECT_NAME_EXISTS)
    {
-      ExFreePool(DesktopName.Buffer);
+      ExFreePoolWithTag(DesktopName.Buffer, TAG_STRING);
       RETURN( Desktop);
    }
 
@@ -1019,7 +1020,7 @@
 
    /* Initialize some local (to win32k) desktop state. */
    DesktopObject->ActiveMessageQueue = NULL;
-   ExFreePool(DesktopName.Buffer);
+   ExFreePoolWithTag(DesktopName.Buffer, TAG_STRING);
 
    if (! NT_SUCCESS(Status))
    {
@@ -1138,7 +1139,8 @@
    Result = IntGetFullWindowStationName(&DesktopName, &WinStaObject->Name,
                                         &SafeDesktopName);
 
-   RtlFreeUnicodeString(&SafeDesktopName);
+   if (lpszDesktopName)
+      ExFreePoolWithTag(SafeDesktopName.Buffer, TAG_STRING);
    ObDereferenceObject(WinStaObject);
 
 

Modified: trunk/reactos/subsystems/win32/win32k/ntuser/kbdlayout.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/kbdlayout.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/kbdlayout.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/kbdlayout.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -92,7 +92,7 @@
    if( !NT_SUCCESS(Status) )
    {
       NtClose(KeyHandle);
-      ExFreePool(KeyValuePartialInfo);
+      ExFreePoolWithTag(KeyValuePartialInfo, TAG_STRING);
       return Status;
    }
 
@@ -104,7 +104,7 @@
    if(!ReturnBuffer)
    {
       NtClose(KeyHandle);
-      ExFreePool(KeyValuePartialInfo);
+      ExFreePoolWithTag(KeyValuePartialInfo, TAG_STRING);
       return STATUS_NO_MEMORY;
    }
 
@@ -113,7 +113,7 @@
       KeyValuePartialInfo->DataLength);
    RtlInitUnicodeString(ReturnedValue, ReturnBuffer);
 
-   ExFreePool(KeyValuePartialInfo);
+   ExFreePoolWithTag(KeyValuePartialInfo, TAG_STRING);
    NtClose(KeyHandle);
 
    return Status;
@@ -154,7 +154,7 @@
    FullLayoutPath.MaximumLength = sizeof(LayoutPathBuffer);
    RtlAppendUnicodeStringToString(&FullLayoutPath, &LayoutFile);
    DPRINT("Loading Keyboard DLL %wZ\n", &FullLayoutPath);
-   RtlFreeUnicodeString(&LayoutFile);
+   ExFreePoolWithTag(LayoutFile.Buffer, TAG_STRING);
 
    *phModule = EngLoadImage(FullLayoutPath.Buffer);
 
@@ -321,7 +321,10 @@
          Status = ReadRegistryValue(&FullKeyboardLayoutPath, &LayoutValueName, &LayoutLocaleIdString);
 
          if( NT_SUCCESS(Status) )
+         {
             RtlUnicodeStringToInteger(&LayoutLocaleIdString, 16, &LayoutLocaleId);
+            ExFreePoolWithTag(LayoutLocaleIdString.Buffer, TAG_STRING);
+         }
          else
             DPRINT1("ReadRegistryValue failed! (%08lx).\n", Status);
       }
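Review bot: The new free makes this caller the owner of the buffer that ReadRegistryValue hands back, but nothing at the call site or in the visible part of ReadRegistryValue documents that, and the tag has to match an allocation that is outside these hunks. A comment above the call, such as `/* ReadRegistryValue returns a pool buffer in LayoutLocaleIdString; the caller frees it with TAG_STRING */`, would keep the next caller from reintroducing the leak. The result of RtlUnicodeStringToInteger is also still ignored inside the new braces, so a malformed registry string goes unnoticed.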

Modified: trunk/reactos/subsystems/win32/win32k/ntuser/menu.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/menu.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/menu.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/menu.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -95,7 +95,7 @@
 { \
   if((MENU_ITEM_TYPE((MenuItem)->fType) == MF_STRING) && \
            (MenuItem)->Text.Length) { \
-    RtlFreeUnicodeString(&(MenuItem)->Text); \
+    ExFreePoolWithTag((MenuItem)->Text.Buffer, TAG_STRING); \
   } \
 }
 
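Review bot: After this change the macro frees `Text.Buffer` but leaves `Text.Buffer` and `Text.Length` untouched, whereas RtlFreeUnicodeString cleared the structure. A second expansion on the same item, or any later read of `Text`, would then act on freed pool memory. Adding `RtlInitUnicodeString(&(MenuItem)->Text, NULL); \` after the free restores the old postcondition. With the unconditional free removed in the next hunk (IntFreeMenuItem, going by the log), the macro's `Text.Length` test appears to be the only release path, so a buffer attached to a zero-length string would no longer be freed; whether that case can occur is not visible here. The macro's definition line is outside the hunk.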
@@ -220,7 +220,6 @@
    }
 
    /* Free memory */
-   if (MenuItem->Text.Buffer) ExFreePool(MenuItem->Text.Buffer);
    ExFreePool(MenuItem);
 
    return TRUE;

Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/ntuser/window.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -2259,7 +2259,7 @@
       {
          if (! IS_ATOM(ClassName.Buffer))
          {
-            RtlFreeUnicodeString(&ClassName);
+            ExFreePoolWithTag(ClassName.Buffer, TAG_STRING);
          }
          SetLastNtError(Status);
          RETURN( NULL);
@@ -2273,10 +2273,13 @@
    NewWindow = co_IntCreateWindowEx(dwExStyle, &ClassName, &WindowName, dwStyle, x, y, nWidth, nHeight,
                                     hWndParent, hMenu, hInstance, lpParam, dwShowMode, bUnicodeWindow);
 
-   RtlFreeUnicodeString(&WindowName);
+   if (WindowName.Buffer)
+   {
+      ExFreePoolWithTag(WindowName.Buffer, TAG_STRING);
+   }
    if (! IS_ATOM(ClassName.Buffer))
    {
-      RtlFreeUnicodeString(&ClassName);
+      ExFreePoolWithTag(ClassName.Buffer, TAG_STRING);
    }
 
    RETURN( NewWindow);
@@ -4013,7 +4016,7 @@
 
    Ret = (UINT)IntAddAtom(SafeMessageName.Buffer);
 
-   RtlFreeUnicodeString(&SafeMessageName);
+   ExFreePoolWithTag(SafeMessageName.Buffer, TAG_STRING);
    RETURN( Ret);
 
 CLEANUP:

Modified: trunk/reactos/subsystems/win32/win32k/objects/dc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/objects/dc.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/dc.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/dc.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -216,7 +216,7 @@
                                   QueryTable,
                                   NULL,
                                   NULL);
-  RtlFreeUnicodeString(&RegistryPath);
+  ExFreePoolWithTag(RegistryPath.Buffer, TAG_RTLREGISTRY);
   if (! NT_SUCCESS(Status))
     {
       DPRINT1("No InstalledDisplayDrivers value in service entry found\n");
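Review bot: `TAG_RTLREGISTRY` is defined in win32k's own tags.h, while the `RegistryPath.Buffer` freed here is not allocated anywhere in the visible hunks, so the tag is a copy of whatever the allocating code uses. If the two ever diverge, a tag-checking pool implementation would reject the free. A comment next to the define, for example `/* must match the tag used by the routine that allocates registry query strings */`, naming that routine, would make the coupling explicit. The same applies to the `DriverFileNames.Buffer` frees later in this file.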
@@ -323,7 +323,7 @@
         }
     }
 
-  RtlFreeUnicodeString(&RegistryPath);
+  ExFreePoolWithTag(RegistryPath.Buffer, TAG_RTLREGISTRY);
 
   if (! Valid)
     {
@@ -428,14 +428,14 @@
       if (!GotDriver)
       {
          ObDereferenceObject(PrimarySurface.VideoFileObject);
-         RtlFreeUnicodeString(&DriverFileNames);
+         ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY);
          DPRINT1("No suitable DDI driver found\n");
          continue;
       }
 
       DPRINT("Display driver %S loaded\n", CurrentName);
 
-      RtlFreeUnicodeString(&DriverFileNames);
+      ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY);
 
       DPRINT("Building DDI Functions\n");
 
@@ -2453,7 +2453,7 @@
   {
     if(Buf)
     {
-      ExFreePool(Buf);
+      ExFreePoolWithTag(Buf, TAG_DC);
     }
     DPRINT1("GDIOBJ_AllocObjWithHandle failed\n");
     return NULL;
@@ -2644,7 +2644,8 @@
 DC_Cleanup(PVOID ObjectBody)
 {
   PDC pDC = (PDC)ObjectBody;
-  RtlFreeUnicodeString(&pDC->DriverName);
+  if (pDC->DriverName.Buffer)
+    ExFreePoolWithTag(pDC->DriverName.Buffer, TAG_DC);
   return TRUE;
 }
 
@@ -3103,7 +3104,7 @@
         }
       }
 
-      RtlFreeUnicodeString(&DriverFileNames);
+      ExFreePoolWithTag(DriverFileNames.Buffer, TAG_RTLREGISTRY);
     }
 
     /* return cached info */

Modified: trunk/reactos/subsystems/win32/win32k/objects/text.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/objects/text.c?rev=35921&r1=35920&r2=35921&view=diff
==============================================================================
--- trunk/reactos/subsystems/win32/win32k/objects/text.c [iso-8859-1] (original)
+++ trunk/reactos/subsystems/win32/win32k/objects/text.c [iso-8859-1] Thu Sep  4 03:47:56 2008
@@ -355,7 +355,7 @@
       return 0;
    }
 
-   FontGDI->Filename = ExAllocatePool(PagedPool, FileName->Length + sizeof(WCHAR));
+   FontGDI->Filename = ExAllocatePoolWithTag(PagedPool, FileName->Length + sizeof(WCHAR), TAG_PFF);
    if (FontGDI->Filename == NULL)
    {
       EngFreeMem(FontGDI);
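Review bot: `FontGDI->Filename` is now allocated with `TAG_PFF`, but no hunk in this commit changes the place where it is released. By the commit's own rule the matching free should become `ExFreePoolWithTag(FontGDI->Filename, TAG_PFF);`. The release site is not visible on this page, so check that it does not still use an untagged free. The enclosing function starts and ends outside the hunk.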


