https://git.reactos.org/?p=reactos.git;a=commitdiff;h=4f8bbd141e9ba1719daebf...
commit 4f8bbd141e9ba1719daebf61d6ef940e51d427fa Author: Tuur Martens tuurmartens4@gmail.com AuthorDate: Tue May 17 12:06:28 2022 +0200 Commit: George Bișoc george.bisoc@reactos.org CommitDate: Wed May 18 12:31:31 2022 +0200
[NTOS:MM] Fix memory leak in MiMapViewOfDataSection
If inserting the allocated VAD fails, MiMapViewOfDataSection will make no attempt to free the allocated VAD. Nor will it call MiDereferenceControlArea(ControlArea); like other failure return paths. This commit fixes this behavior. Co-authored-by: Hermès BÉLUSCA - MAÏTO hermes.belusca-maito@reactos.org --- ntoskrnl/mm/ARM3/section.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)
diff --git a/ntoskrnl/mm/ARM3/section.c b/ntoskrnl/mm/ARM3/section.c
index 40d942f7703..ad20d01e093 100644
--- a/ntoskrnl/mm/ARM3/section.c
+++ b/ntoskrnl/mm/ARM3/section.c
@@ -1494,6 +1494,11 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
 if (!NT_SUCCESS(Status))
 {
 ExFreePoolWithTag(Vad, 'ldaV');
+ MiDereferenceControlArea(ControlArea);
+
+ KeAcquireGuardedMutex(&MmSectionCommitMutex);
+ Segment->NumberOfCommittedPages -= QuotaCharge;
+ KeReleaseGuardedMutex(&MmSectionCommitMutex);
 return Status;
 }
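Review bot: The added `Segment->NumberOfCommittedPages -= QuotaCharge;` on this failure path is only correct if QuotaCharge was already added to the segment earlier in MiMapViewOfDataSection. That code is outside the hunk, so it cannot be confirmed from here. If any path reaches this return without the charge applied, the commit counter ends up below its true value, and wraps if the field is unsigned. I would state the invariant just after taking MmSectionCommitMutex with `ASSERT(Segment->NumberOfCommittedPages >= QuotaCharge);`, here and in the identical rollback in the second hunk.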
@@ -1506,6 +1511,13 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea, AllocationType); if (!NT_SUCCESS(Status)) { + ExFreePoolWithTag(Vad, 'ldaV'); + MiDereferenceControlArea(ControlArea); + + KeAcquireGuardedMutex(&MmSectionCommitMutex); + Segment->NumberOfCommittedPages -= QuotaCharge; + KeReleaseGuardedMutex(&MmSectionCommitMutex); + PsReturnProcessNonPagedPoolQuota(PsGetCurrentProcess(), sizeof(MMVAD_LONG)); return Status; }
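Review bot: This failure path repeats by hand the rollback steps added in the first hunk, alongside the VAD free and the quota return. The two paths can therefore drift apart again, which is the kind of omission this commit fixes. The function body extends beyond the hunk, so I cannot tell whether a shared exit is practical. At minimum I would put a comment above the block, such as `/* Undo everything acquired so far: VAD allocation, control area reference, segment commit charge, process pool quota */`. Keeping the steps in the same order in both paths would make a missing step easy to spot in review.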