[ros-diffs] [arty] 40323: We don't need the user buffer after launching the TDI irp actually, so free it immediately and fix the heap leak. We also never pend datagram sends to userland. Clean up some cruft where we erroneously set the wrong irp's status.

Author: arty Date: Thu Apr 2 06:35:41 2009 New Revision: 40323 URL: http://svn.reactos.org/svn/reactos?rev=40323&view=rev Log: We don't need the user buffer after launching the TDI irp actually, so free it immediately and fix the heap leak. We also never pend datagram sends to userland. Clean up some cruft where we erroneously set the wrong irp's status. Modified: trunk/reactos/drivers/network/afd/afd/write.c Modified: trunk/reactos/drivers/network/afd/afd/write.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/network/afd/afd/wr… ============================================================================== --- trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] (original) +++ trunk/reactos/drivers/network/afd/afd/write.c [iso-8859-1] Thu Apr 2 06:35:41 2009 @@ -41,8 +41,6 @@ ASSERT_IRQL(APC_LEVEL); if( !SocketAcquireStateLock( FCB ) ) { - Irp->IoStatus.Status = STATUS_FILE_CLOSED; - Irp->IoStatus.Information = 0; return STATUS_FILE_CLOSED; } @@ -50,8 +48,6 @@ /* Request is not in flight any longer */ if( FCB->State == SOCKET_STATE_CLOSED ) { - Irp->IoStatus.Status = STATUS_FILE_CLOSED; - Irp->IoStatus.Information = 0; SocketStateUnlock( FCB ); return STATUS_FILE_CLOSED; } @@ -172,8 +168,6 @@ Irp->IoStatus.Information)); if( !SocketAcquireStateLock( FCB ) ) { - Irp->IoStatus.Status = STATUS_FILE_CLOSED; - Irp->IoStatus.Information = 0; return STATUS_FILE_CLOSED; } @@ -184,8 +178,6 @@ PollReeval( FCB->DeviceExt, FCB->FileObject ); if( FCB->State == SOCKET_STATE_CLOSED ) { - Irp->IoStatus.Status = STATUS_FILE_CLOSED; - Irp->IoStatus.Information = 0; SocketStateUnlock( FCB ); return STATUS_FILE_CLOSED; } @@ -202,6 +194,7 @@ PFILE_OBJECT FileObject = IrpSp->FileObject; PAFD_FCB FCB = FileObject->FsContext; PAFD_SEND_INFO SendReq; + ULONG Information; UINT TotalBytesCopied = 0, i, CopySize = 0, SpaceAvail = 0, TotalBytesEncountered = 0; @@ -255,8 +248,11 @@ AFD_DbgPrint(MID_TRACE,("Dismissing request: %x\n", Status)); - return UnlockAndMaybeComplete( FCB, Status, Irp, - SendReq->BufferArray[0].len ); + /* Even if we were pended, we're done with the user buffer at this + * point. */ + Information = SendReq->BufferArray[0].len; + UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE); + return UnlockAndMaybeComplete( FCB, Status, Irp, Information ); } if( !(SendReq = LockRequest( Irp, IrpSp )) ) @@ -370,6 +366,7 @@ PFILE_OBJECT FileObject = IrpSp->FileObject; PAFD_FCB FCB = FileObject->FsContext; PAFD_SEND_INFO_UDP SendReq; + ULONG Information; AFD_DbgPrint(MID_TRACE,("Called on %x\n", FCB)); @@ -427,7 +424,10 @@ AFD_DbgPrint(MID_TRACE,("Dismissing request: %x\n", Status)); - return UnlockAndMaybeComplete - ( FCB, Status, Irp, SendReq->BufferArray[0].len ); + /* Even if we were pended, we're done with the user buffer at this + * point. */ + Information = SendReq->BufferArray[0].len; + UnlockBuffers(SendReq->BufferArray, SendReq->BufferCount, FALSE); + return UnlockAndMaybeComplete( FCB, Status, Irp, Information ); }