IopFreeIoCompletionPacket has the opposite bug -- there is an interlocked push (free) even in the ExFreePool case. There should be a return following the ExFreePool, otherwise we're corrupting memory.
On Thu, Feb 28, 2008 at 11:37 AM, fireball@svn.reactos.org wrote:
Author: fireball
Date: Thu Feb 28 14:37:14 2008
New Revision: 32521
URL: http://svn.reactos.org/svn/reactos?rev=32521&view=rev
Log:
- Fix leaking an entry in some cases during ObpFreeCapturedAttributes call. For more details: http://www.reactos.org/forum/viewtopic.php?t=5311.
Modified: trunk/reactos/ntoskrnl/include/internal/ob_x.h
Modified: trunk/reactos/ntoskrnl/include/internal/ob_x.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/include/internal/o... ============================================================================== --- trunk/reactos/ntoskrnl/include/internal/ob_x.h (original) +++ trunk/reactos/ntoskrnl/include/internal/ob_x.h Thu Feb 28 14:37:14 2008 @@ -290,6 +290,12 @@ List->L.FreeMisses++; List->L.Free(Buffer); }
else{/* The free was within the Depth */InterlockedPushEntrySList(&List->L.ListHead,(PSINGLE_LIST_ENTRY)Buffer); } else {}
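Review bot: In the new else branch, the push casts Buffer to PSINGLE_LIST_ENTRY, but InterlockedPushEntrySList takes a PSLIST_ENTRY; on 64-bit targets SLIST_ENTRY is a distinct, 16-byte-aligned type, so casting to PSLIST_ENTRY would keep this call correct beyond 32-bit x86. The push also has to stay strictly in the else of the depth check, so that a buffer already handed to List->L.Free(Buffer) is never placed on List->L.ListHead as well. A short comment noting that the start of Buffer is overwritten by the list link while it sits on the list, and that every buffer served by this list must therefore be at least one list entry in size, would document the assumption the cast relies on.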