Hartmut Birr wrote:
I think the problem is a missing status check after a call to
ObReferenceXXX. The object is being deleted. The return value is an
error and the object isn't referenced. Later the object gets one
dereference call too many.
Yes, even though, looking at the code without my changes, there obviously
have to be too many dereferences. Just think of the case where the parse
routine returns STATUS_SUCCESS and returns a pointer to the next object.
In this case the ObFindObject routine doesn't reference it (because it
assumes the parsing routine does it, which is wrong), and this likely
triggered the bug when handling symbolic links, which don't reference
the next object pointer. In the next loop iteration it might find another
next object and dereference the previous one, which (in the case of
symbolic links) wasn't referenced. Every time objects were parsed but there
were deeper levels to be parsed, some objects might be dereferenced too
often.
I think my patch should fix this problem, so someone who can reproduce
it should give it a try.
Sorry for this bad description, but I'm a bit in a hurry.
Best Regards,
Thomas
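The reference-count imbalance described in the thread, modelled as an added, self-contained C example (not ReactOS code; the Object layout, the status names STATUS_OBJECT_DELETED and STATUS_REFCOUNT_UNDERFLOW, the parse routine and both lookup loops are assumptions made for this illustration). It shows the two points raised above side by side: a lookup loop that trusts the parse routine to have referenced the object it returned, so a symbolic-link style parse routine leaves the loop dereferencing objects it never referenced, and a lookup loop that references the returned object itself and checks the status of the reference call, so an object that is being deleted is neither referenced nor later dereferenced.

```c
#include <stddef.h>

/* Assumed, simplified model written for this example; none of it is ReactOS code. */
#define STATUS_SUCCESS            0
#define STATUS_OBJECT_DELETED     1   /* assumed name: reference refused, object going away */
#define STATUS_REFCOUNT_UNDERFLOW 2   /* assumed name: one dereference too many */

typedef struct Object {
    const char *name;
    long refcount;
    int deleting;          /* set once the object is being torn down */
    struct Object *link;   /* non-NULL: behaves like a symbolic link to another object */
} Object;

/* Take a reference; refuse, and take nothing, if the object is being deleted. */
static int reference_object(Object *o)
{
    if (o->deleting)
        return STATUS_OBJECT_DELETED;
    o->refcount++;
    return STATUS_SUCCESS;
}

/* Drop a reference; report an underflow instead of silently going negative. */
static int dereference_object(Object *o)
{
    if (o->refcount <= 0)
        return STATUS_REFCOUNT_UNDERFLOW;
    o->refcount--;
    return STATUS_SUCCESS;
}

/* Symbolic-link style parse routine: returns the next object WITHOUT referencing it. */
static Object *parse_next(Object *o)
{
    return o->link;
}

/* Buggy lookup: assumes the parse routine referenced what it returned and never
 * checks the status of reference_object, so each iteration drops a reference on
 * an object the loop never actually took one on. */
static int find_object_buggy(Object *root, Object **out)
{
    Object *cur = root;
    reference_object(cur);                       /* status ignored */
    for (;;) {
        Object *next = parse_next(cur);
        if (next == NULL)
            break;
        int st = dereference_object(cur);
        if (st != STATUS_SUCCESS) {
            *out = NULL;
            return st;
        }
        cur = next;                              /* cur is now held with no reference */
    }
    *out = cur;
    return STATUS_SUCCESS;
}

/* Fixed lookup: the loop references whatever the parse routine returns before
 * letting go of the current object, and on failure unwinds only the reference
 * it actually holds. */
static int find_object_fixed(Object *root, Object **out)
{
    Object *cur = root;
    int st = reference_object(cur);
    if (st != STATUS_SUCCESS) {
        *out = NULL;
        return st;
    }
    for (;;) {
        Object *next = parse_next(cur);
        if (next == NULL)
            break;
        st = reference_object(next);
        if (st != STATUS_SUCCESS) {
            dereference_object(cur);
            *out = NULL;
            return st;
        }
        dereference_object(cur);
        cur = next;
    }
    *out = cur;                                  /* caller owns exactly one reference */
    return STATUS_SUCCESS;
}

/* Constructed scenario: root -> mid -> leaf, the first two acting as links.
 * Returns the lookup status and the refcounts left behind, so the imbalance is visible. */
typedef struct {
    int status;
    long root_refs, mid_refs, leaf_refs;
} Outcome;

static Outcome run_lookup(int use_fixed, int leaf_deleting)
{
    Object leaf = { "leaf", 0, leaf_deleting, NULL };
    Object mid  = { "mid",  0, 0, &leaf };
    Object root = { "root", 0, 0, &mid };
    Object *found = NULL;
    Outcome r;
    r.status = use_fixed ? find_object_fixed(&root, &found)
                         : find_object_buggy(&root, &found);
    r.root_refs = root.refcount;
    r.mid_refs  = mid.refcount;
    r.leaf_refs = leaf.refcount;
    return r;
}
```

With the three-object chain, run_lookup(0, 0) already underflows on the middle object, because the buggy loop dereferences it although only the parse routine ever saw it; run_lookup(1, 0) ends with the caller holding exactly one reference on leaf and none on the intermediates, and run_lookup(1, 1) returns STATUS_OBJECT_DELETED with every refcount back at zero, which is the behaviour the missing status check would otherwise break.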