[ros-diffs] [sginsberg] 41985: - Hey Arch, did you know MmpDeleteSection can be called for a Section Object before it is fully set up (when ObDereferenceObject is called before all fields are initialized), and it will now crash due to a bogus, noninitialized Segment/ImageSection pointer? Always zero out the whole buffer to prevent this. Fixes the kernel32 loader Winetest.

sginsberg at svn.reactos.org sginsberg at svn.reactos.org
Wed Jul 15 20:35:32 CEST 2009


Author: sginsberg
Date: Wed Jul 15 20:35:31 2009
New Revision: 41985

URL: http://svn.reactos.org/svn/reactos?rev=41985&view=rev
Log:
- Hey Arch, did you know MmpDeleteSection can be called for a Section Object before it is fully set up (when ObDereferenceObject is called before all fields are initialized), and it will now crash due to a bogus, noninitialized Segment/ImageSection pointer? Always zero out the whole buffer to prevent this. Fixes the kernel32 loader Winetest.

Modified:
    trunk/reactos/ntoskrnl/mm/section.c

Modified: trunk/reactos/ntoskrnl/mm/section.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/section.c?rev=41985&r1=41984&r2=41985&view=diff
==============================================================================
--- trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] Wed Jul 15 20:35:31 2009
@@ -2375,12 +2375,9 @@
    /*
     * Initialize it
     */
-   Section->Type = 0;
-   Section->Size = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
-   Section->Segment = NULL;
-   Section->FileObject = NULL;
    Section->MaximumSize = MaximumSize;
    Segment = ExAllocatePoolWithTag(NonPagedPool, sizeof(MM_SECTION_SEGMENT),
                                    TAG_MM_SECTION_SEGMENT);
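Review bot: the RtlZeroMemory is placed correctly, ahead of the SectionPageProtection and AllocationAttributes assignments, but nothing in the hunk records why the whole object must be cleared; the `Initialize it` comment should state that MmpDeleteSection can run on a partially initialized section (the ObDereferenceObject-before-setup case from the log), otherwise a later edit can reintroduce field-by-field initialization and the crash with it. Prefer `RtlZeroMemory(Section, sizeof(*Section));` so the size follows the pointer type rather than a separately named struct. The `Segment = ExAllocatePoolWithTag(...)` call immediately after the hunk is the first failure point this change covers: if that allocation fails and the object is dereferenced, Section->Segment (and the fields the removed lines never touched, such as FileObject's neighbours) now read as zero instead of pool contents.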
@@ -2449,11 +2446,9 @@
    /*
     * Initialize it
     */
-   Section->Type = 0;
-   Section->Size = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
-   Section->Segment = NULL;
 
    /*
     * Check file access required
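Review bot: in the visible lines this path only ever cleared Type, Size and Segment, so FileObject and MaximumSize were left holding whatever the pool allocation contained until some later assignment; the RtlZeroMemory now covers them, which is the actual fix for the noninitialized pointer the log describes. As with the first hunk, update the `Initialize it` comment to say the full zeroing is required because the object may be deleted before setup completes, and use sizeof(*Section) rather than sizeof(ROS_SECTION_OBJECT).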
@@ -3377,9 +3372,7 @@
    /*
     * Initialize it
     */
-   Section->Type = 0;
-   Section->Size = 0;
-   Section->MaximumSize.QuadPart = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
    Section->SectionPageProtection = SectionPageProtection;
    Section->AllocationAttributes = AllocationAttributes;
 
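Review bot: after this hunk the same three-line sequence (RtlZeroMemory, then the SectionPageProtection and AllocationAttributes assignments) appears in all three section creation paths, and the removed lines show how they had already drifted: this path zeroed MaximumSize.QuadPart, the first hunk assigned MaximumSize, the second did neither. Factoring the sequence into one small helper, for example a hypothetical MiInitializeSectionObject(Section, SectionPageProtection, AllocationAttributes), would keep the three paths from diverging again and give the "must be fully zeroed before any failure path" requirement a single place to be documented.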