Author: sir_richard Date: Sun Aug 29 19:32:25 2010 New Revision: 48651
URL: http://svn.reactos.org/svn/reactos?rev=48651&view=rev Log: [NTOS]: Add an extra layer of protection for freed nonpaged pool: write a 4-byte signature on freed blocks, and assert its valid on checked builds. Use a slightly less egocentric ASCII value than on Windows (name of the developer who wrote the first memory manager).
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pool.c
Modified: trunk/reactos/ntoskrnl/mm/ARM3/pool.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/ARM3/pool.c?rev... ============================================================================== --- trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/mm/ARM3/pool.c [iso-8859-1] Sun Aug 29 19:32:25 2010 @@ -298,6 +298,7 @@ FreeEntry = MmNonPagedPoolStart; FirstEntry = FreeEntry; FreeEntry->Size = PoolPages; + FreeEntry->Signature = MM_FREE_POOL_SIGNATURE; FreeEntry->Owner = FirstEntry;
// @@ -316,6 +317,7 @@ // FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)FreeEntry + PAGE_SIZE); FreeEntry->Owner = FirstEntry; + FreeEntry->Signature = MM_FREE_POOL_SIGNATURE; }
// @@ -626,6 +628,7 @@ // Grab the entry and see if it can handle our allocation // FreeEntry = CONTAINING_RECORD(NextEntry, MMFREE_POOL_ENTRY, List); + ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE); if (FreeEntry->Size >= SizeInPages) { // @@ -964,6 +967,7 @@ // FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)StartingVa + (NumberOfPages << PAGE_SHIFT)); + ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE); ASSERT(FreeEntry->Owner == FreeEntry);
/* Consume this entry's pages */ @@ -1032,6 +1036,7 @@ // Get the free entry descriptor for that given page range // FreeEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)StartingVa - PAGE_SIZE); + ASSERT(FreeEntry->Signature == MM_FREE_POOL_SIGNATURE); FreeEntry = FreeEntry->Owner;
/* Check if protected pool is enabled */ @@ -1118,6 +1123,7 @@ // Link back to the parent free entry, and keep going // NextEntry->Owner = FreeEntry; + NextEntry->Signature = MM_FREE_POOL_SIGNATURE; NextEntry = (PMMFREE_POOL_ENTRY)((ULONG_PTR)NextEntry + PAGE_SIZE); } while (NextEntry != LastEntry);