Author: pschweitzer
Date: Sun Jul 2 20:10:16 2017
New Revision: 75269
URL:
http://svn.reactos.org/svn/reactos?rev=75269&view=rev
Log:
[RXCE]
Assorted fixes:
- Avoid list corruption
- Avoid stack corruption
- Avoid ASSERT on FCB reuse for same file type
CORE-11327
Modified:
trunk/reactos/sdk/lib/drivers/rxce/rxce.c
Modified: trunk/reactos/sdk/lib/drivers/rxce/rxce.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/drivers/rxce/rxce.…
==============================================================================
--- trunk/reactos/sdk/lib/drivers/rxce/rxce.c [iso-8859-1] (original)
+++ trunk/reactos/sdk/lib/drivers/rxce/rxce.c [iso-8859-1] Sun Jul 2 20:10:16 2017
@@ -2899,13 +2899,13 @@
{
PLIST_ENTRY ListEntry;
- for (ListEntry = ThisSrvOpen->FobxList.Flink;
- ListEntry != &ThisSrvOpen->FobxList;
- ListEntry = ListEntry->Flink)
+ ListEntry = ThisSrvOpen->FobxList.Flink;
+ while (ListEntry != &ThisSrvOpen->FobxList)
{
PFOBX Fobx;
Fobx = CONTAINING_RECORD(ListEntry, FOBX, FobxQLinks);
+ ListEntry = ListEntry->Flink;
RxFinalizeNetFobx(Fobx, TRUE, ForceFinalize);
}
}
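Review bot: The reordering in the `while` loop is only safe as long as `RxFinalizeNetFobx` never unlinks any entry other than the `Fobx` it is given, and nothing in the hunk says so. The cursor is now advanced before the call, which avoids reading `ListEntry->Flink` from an entry that may already be unlinked or freed, but a finalization that also removed the successor would leave the saved pointer dangling. I would record the invariant next to the advance, e.g. `/* Fetch next entry first: finalizing may unlink and free Fobx */`, so that nobody later folds this back into a `for` loop. The enclosing function starts and ends outside the hunk, so whether the list is protected by a lock here cannot be confirmed from these lines.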
@@ -3662,14 +3662,14 @@
IN RX_FILE_TYPE FileType,
IN PFCB_INIT_PACKET InitPacket OPTIONAL)
{
- NODE_TYPE_CODE OldType;
+ RX_FILE_TYPE OldType;
PAGED_CODE();
DPRINT("RxFinishFcbInitialization(%p, %x, %p)\n", Fcb, FileType,
InitPacket);
- OldType = Fcb->Header.NodeTypeCode;
- Fcb->Header.NodeTypeCode = FileType;
+ OldType = NodeType(Fcb);
+ NodeType(Fcb) = FileType;
/* If mini-rdr already did the job for mailslot attributes, 0 the rest */
if (BooleanFlagOn(Fcb->FcbState, FCB_STATE_TIME_AND_SIZE_ALREADY_SET) &&
FileType == RDBSS_NTC_MAILSLOT)
{
@@ -3688,19 +3688,23 @@
if (FileType != RDBSS_NTC_STORAGE_TYPE_UNKNOWN &&
FileType != RDBSS_NTC_STORAGE_TYPE_DIRECTORY)
{
- /* If our FCB newly points to a file, initiliaz everything related */
- if (FileType == RDBSS_NTC_STORAGE_TYPE_FILE &&
- OldType != RDBSS_NTC_STORAGE_TYPE_FILE)
- {
-
RxInitializeLowIoPerFcbInfo(&((PFCB)Fcb)->Specific.Fcb.LowIoPerFcbInfo);
- FsRtlInitializeFileLock(&((PFCB)Fcb)->Specific.Fcb.FileLock,
&RxLockOperationCompletion,
- &RxUnlockOperation);
-
- ((PFCB)Fcb)->BufferedLocks.List = NULL;
- ((PFCB)Fcb)->BufferedLocks.PendingLockOps = 0;
-
- Fcb->Header.IsFastIoPossible = FastIoIsQuestionable;
- }
+ /* If our FCB newly points to a file, initiliaze everything related */
+ if (FileType == RDBSS_NTC_STORAGE_TYPE_FILE)
+
+ {
+ if (OldType != RDBSS_NTC_STORAGE_TYPE_FILE)
+ {
+
RxInitializeLowIoPerFcbInfo(&((PFCB)Fcb)->Specific.Fcb.LowIoPerFcbInfo);
+ FsRtlInitializeFileLock(&((PFCB)Fcb)->Specific.Fcb.FileLock,
RxLockOperationCompletion,
+ RxUnlockOperation);
+
+ ((PFCB)Fcb)->BufferedLocks.List = NULL;
+ ((PFCB)Fcb)->BufferedLocks.PendingLockOps = 0;
+
+ Fcb->Header.IsFastIoPossible = FastIoIsQuestionable;
+ }
+ }
+ /* If not a file, validate type */
else
{
ASSERT(FileType >= RDBSS_NTC_SPOOLFILE && FileType <=
RDBSS_NTC_MAILSLOT);
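Review bot: The new comment `/* If not a file, validate type */` sits over a check that is only an `ASSERT`, so if ASSERT compiles out in release builds (as is usual) an out-of-range `FileType` is not rejected there. By that point the earlier hunk has already stored the value with `NodeType(Fcb) = FileType;`, so the FCB carries the unchecked type either way. If the value can come from a mini-redirector, consider a real range check before the assignment; otherwise reword the comment to `/* If not a file, sanity-check type (debug builds only) */`. The comment `/* If our FCB newly points to a file, initiliaze everything related */` has a typo and now describes the inner `OldType` test, so it would read better directly above `if (OldType != RDBSS_NTC_STORAGE_TYPE_FILE)`. The function continues past the end of the hunk.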
@@ -4561,8 +4565,7 @@
{
PAGED_CODE();
- RxTimerInterval.HighPart = -1;
- RxTimerInterval.LowPart = -550000;
+ RxTimerInterval.QuadPart = -550000;
KeInitializeSpinLock(&RxTimerLock);
InitializeListHead(&RxTimerQueueHead);
InitializeListHead(&RxRecurrentWorkItemsList);
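Review bot: `RxTimerInterval.QuadPart = -550000;` leaves the constant unexplained, and a sign or unit mistake in a timer interval is easy to miss in review. The single assignment is clearer than the removed `HighPart`/`LowPart` pair, which depended on the implicit conversion of a negative literal into the unsigned low half. If the value is consumed as an NT relative timeout in 100 ns units, which the negative sign suggests but the hunk does not show, a comment such as `/* Relative interval: 550000 * 100ns = 55ms */` would document it. The function body begins and continues outside the hunk.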
@@ -6205,15 +6208,17 @@
RxProcessChangeBufferingStateRequestsForSrvOpen(
PSRV_OPEN SrvOpen)
{
- LONG NumberOfBufferingChangeRequests, OldBufferingToken;
+ LONG NumberOfBufferingChangeRequests, LockedOldBufferingToken, OldBufferingToken;
/* Get the current number of change requests */
NumberOfBufferingChangeRequests =
((PSRV_CALL)SrvOpen->pVNetRoot->pNetRoot->pSrvCall)->BufferingManager.CumulativeNumberOfBufferingChangeRequests;
/* Get our old token */
- OldBufferingToken = InterlockedCompareExchange(&SrvOpen->BufferingToken,
- NumberOfBufferingChangeRequests,
NumberOfBufferingChangeRequests);
- /* Do we have stuff to process? */
- if (OldBufferingToken != SrvOpen->BufferingToken)
+ OldBufferingToken = SrvOpen->BufferingToken;
+ LockedOldBufferingToken =
InterlockedCompareExchange(&SrvOpen->BufferingToken,
+
NumberOfBufferingChangeRequests,
+
NumberOfBufferingChangeRequests);
+ /* If buffering state changed in between, process changes */
+ if (OldBufferingToken != LockedOldBufferingToken)
{
PFCB Fcb;
NTSTATUS Status;
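Review bot: The new test `if (OldBufferingToken != LockedOldBufferingToken)` only fires when `SrvOpen->BufferingToken` changes between the plain read into `OldBufferingToken` and the `InterlockedCompareExchange` a statement later. Because the exchange value and the comparand are both `NumberOfBufferingChangeRequests`, the call never changes the stored token and acts as an atomic read, so the token is never compared against the cumulative request count. If the intent is to process requests whenever the token lags behind that count, the condition probably needs to involve `NumberOfBufferingChangeRequests`; please confirm against the intended RDBSS behaviour. The first read is also an unsynchronised access to a field that is otherwise touched with interlocked operations, which deserves a comment on why it is safe, e.g. `/* Unlocked snapshot; compared with the interlocked read below to detect a concurrent update */`. The body of the `if` lies outside the hunk.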