don't free the string allocated by RtlDosPathNameToNtPathName_U using RtlFreeUnicodeString because the string isn't allocated with the USTR tag
Modified: trunk/reactos/lib/kernel32/file/cnotify.c
Modified: trunk/reactos/lib/kernel32/file/create.c
Modified: trunk/reactos/lib/kernel32/file/delete.c
Modified: trunk/reactos/lib/kernel32/file/file.c
Modified: trunk/reactos/lib/kernel32/file/find.c
Modified: trunk/reactos/lib/kernel32/file/hardlink.c
Modified: trunk/reactos/lib/kernel32/file/mailslot.c
Modified: trunk/reactos/lib/kernel32/file/move.c
Modified: trunk/reactos/lib/kernel32/file/npipe.c
Modified: trunk/reactos/lib/kernel32/file/volume.c
Modified: trunk/reactos/lib/ntdll/ldr/utils.c
Modified: trunk/reactos/subsys/smss/initpage.c
Modified: trunk/reactos/subsys/smss/initwkdll.c

Modified: trunk/reactos/lib/kernel32/file/cnotify.c
--- trunk/reactos/lib/kernel32/file/cnotify.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/cnotify.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -99,18 +99,12 @@
    -Gunnar
    */
 
+   RtlFreeHeap(RtlGetProcessHeap(),
+               0,
+               NtPathU.Buffer);
 
 
-   /* FIXME: We free the string alloced by RtlDosPathNameToNtPathName_U, but what
-    * about the special case where the user can pass a \\?\ path? We must not free
-    * the users buffer!. But should we even call RtlDosPathNameToNtPathName_U in that
-    * case??? -Gunnar
-    */
 
-   RtlFreeUnicodeString( &NtPathU);
-
-
-
    if (!NT_SUCCESS(Status))
    {
       SetLastErrorByStatus(Status);

Modified: trunk/reactos/lib/kernel32/file/create.c
--- trunk/reactos/lib/kernel32/file/create.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/create.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -104,19 +104,6 @@
         return (INVALID_HANDLE_VALUE);
      }
 
-   /* validate & translate the filename */
-   if (!RtlDosPathNameToNtPathName_U (lpFileName,
-				      &NtPathU,
-				      NULL,
-				      NULL))
-   {
-     DPRINT("Invalid path\n");
-     SetLastError(ERROR_PATH_NOT_FOUND);
-     return INVALID_HANDLE_VALUE;
-   }
-
-   DPRINT("NtPathU \'%S\'\n", NtPathU.Buffer);
-
   /* validate & translate the flags */
 
    /* translate the flags that need no validation */
@@ -209,6 +196,19 @@
       }
    }
 
+   /* validate & translate the filename */
+   if (!RtlDosPathNameToNtPathName_U (lpFileName,
+				      &NtPathU,
+				      NULL,
+				      NULL))
+   {
+     DPRINT("Invalid path\n");
+     SetLastError(ERROR_PATH_NOT_FOUND);
+     return INVALID_HANDLE_VALUE;
+   }
+
+   DPRINT("NtPathU \'%wZ\'\n", &NtPathU);
+
    if (hTemplateFile != NULL)
    {
       FILE_EA_INFORMATION EaInformation;
@@ -230,6 +230,10 @@
                                        EaInformation.EaSize);
             if (EaBuffer == NULL)
             {
+               RtlFreeHeap(RtlGetProcessHeap(),
+                           0,
+                           NtPathU.Buffer);
+
                /* the template file handle is valid and has extended attributes,
                   however we seem to lack some memory here. We should fail here! */
                SetLastError(ERROR_NOT_ENOUGH_MEMORY);
@@ -309,7 +313,9 @@
 			  EaBuffer,
 			  EaLength);
 
-   RtlFreeUnicodeString(&NtPathU);
+   RtlFreeHeap(RtlGetProcessHeap(),
+               0,
+               NtPathU.Buffer);
 
    /* free the extended attributes buffer if allocated */
    if (EaBuffer != NULL)
@@ -370,7 +376,7 @@
     HANDLE hSymlink = NULL;
     UNICODE_STRING SymlinkFileName = { 0, 0, NULL };
     UNICODE_STRING TargetFileName = { 0, 0, NULL };
-    BOOLEAN bRelativePath = FALSE;
+    BOOLEAN bAllocatedTarget = FALSE, bRelativePath = FALSE;
     LPWSTR lpTargetFullFileName = NULL;
     SIZE_T cbPrintName;
     SIZE_T cbReparseData;
@@ -439,6 +445,7 @@
     default:
         if(!RtlDosPathNameToNtPathName_U(lpTargetFileName, &TargetFileName, NULL, NULL))
         {
+            bAllocatedTarget = TRUE;
             dwErr = ERROR_INVALID_PARAMETER;
             goto Cleanup;
         }
@@ -535,7 +542,12 @@
         NtClose(hSymlink);
 
     RtlFreeUnicodeString(&SymlinkFileName);
-    RtlFreeUnicodeString(&TargetFileName);
+    if (bAllocatedTarget)
+    {
+        RtlFreeHeap(RtlGetProcessHeap(),
+                    0,
+                    TargetFileName.Buffer);
+    }
 
     if(lpTargetFullFileName)
         RtlFreeHeap(RtlGetProcessHeap(), 0, lpTargetFullFileName);

Modified: trunk/reactos/lib/kernel32/file/delete.c
--- trunk/reactos/lib/kernel32/file/delete.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/delete.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -84,7 +84,9 @@
 	                       NULL,
 	                       0);
 
-	RtlFreeUnicodeString(&NtPathU);
+	RtlFreeHeap(RtlGetProcessHeap(),
+                    0,
+                    NtPathU.Buffer);
 
 	if (!NT_SUCCESS(Status))
 	{

Modified: trunk/reactos/lib/kernel32/file/file.c
--- trunk/reactos/lib/kernel32/file/file.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/file.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -309,7 +309,9 @@
 
 	if ((uStyle & OF_PARSE) == OF_PARSE)
 	{
-		RtlFreeUnicodeString(&FileNameString);
+		RtlFreeHeap(RtlGetProcessHeap(),
+                            0,
+                            FileNameString.Buffer);
 		return (HFILE)NULL;
 	}
 
@@ -327,7 +329,9 @@
 	                      FILE_SHARE_READ,
 	                      FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT);
 
-	RtlFreeUnicodeString(&FileNameString);
+	RtlFreeHeap(RtlGetProcessHeap(),
+                    0,
+                    FileNameString.Buffer);
 
 	lpReOpenBuff->nErrCode = RtlNtStatusToDosError(errCode);
 

Modified: trunk/reactos/lib/kernel32/file/find.c
--- trunk/reactos/lib/kernel32/file/find.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/find.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -877,7 +877,9 @@
         NtClose(FileHandle);
     }
 
-    RtlFreeUnicodeString(&NtPathU);
+    RtlFreeHeap(RtlGetProcessHeap(),
+                0,
+                NtPathU.Buffer);
 
     if (!NT_SUCCESS(Status))
     {

Modified: trunk/reactos/lib/kernel32/file/hardlink.c
--- trunk/reactos/lib/kernel32/file/hardlink.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/hardlink.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -181,7 +181,7 @@
     {
       SetLastError(ERROR_INVALID_NAME);
     }
-    RtlFreeUnicodeString(&LinkTarget);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, LinkTarget.Buffer);
   }
   else
   {

Modified: trunk/reactos/lib/kernel32/file/mailslot.c
--- trunk/reactos/lib/kernel32/file/mailslot.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/mailslot.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -99,7 +99,9 @@
 				 nMaxMessageSize,
 				 &DefaultTimeOut);
 
-   RtlFreeUnicodeString(&MailslotName);
+   RtlFreeHeap(RtlGetProcessHeap(),
+               0,
+               MailslotName.Buffer);
 
    if (!NT_SUCCESS(Status))
      {

Modified: trunk/reactos/lib/kernel32/file/move.c
--- trunk/reactos/lib/kernel32/file/move.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/move.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -81,7 +81,7 @@
     UNICODE_STRING nameW, source_name, dest_name;
     KEY_VALUE_PARTIAL_INFORMATION *info;
     BOOL rc = FALSE;
-    HANDLE Reboot = 0;
+    HANDLE Reboot = NULL;
     DWORD len1, len2;
     DWORD DataSize = 0;
     BYTE *Buffer = NULL;
@@ -98,7 +98,7 @@
     dest_name.Buffer = NULL;
     if (dest && !RtlDosPathNameToNtPathName_U( dest, &dest_name, NULL, NULL ))
     {
-        RtlFreeUnicodeString( &source_name );
+        RtlFreeHeap( RtlGetProcessHeap(), 0, source_name.Buffer );
         SetLastError( ERROR_PATH_NOT_FOUND );
         return FALSE;
     }
@@ -120,8 +120,8 @@
     if (!NT_SUCCESS(Status))
     {
         DPRINT1("NtCreateKey() failed (Status 0x%lx)\n", Status);
-        RtlFreeUnicodeString( &source_name );
-        RtlFreeUnicodeString( &dest_name );
+        RtlFreeHeap( RtlGetProcessHeap(), 0, source_name.Buffer );
+        RtlFreeHeap( RtlGetProcessHeap(), 0, dest_name.Buffer );
         return FALSE;
     }
 
@@ -176,11 +176,11 @@
     *p = 0;
     DataSize += sizeof(WCHAR);
 
-    rc = !NtSetValueKey(Reboot, &nameW, 0, REG_MULTI_SZ, Buffer + info_size, DataSize - info_size);
+    rc = NT_SUCCESS(NtSetValueKey(Reboot, &nameW, 0, REG_MULTI_SZ, Buffer + info_size, DataSize - info_size));
 
  Quit:
-    RtlFreeUnicodeString( &source_name );
-    RtlFreeUnicodeString( &dest_name );
+    RtlFreeHeap( RtlGetProcessHeap(), 0, source_name.Buffer );
+    RtlFreeHeap( RtlGetProcessHeap(), 0, dest_name.Buffer );
     if (Reboot) NtClose(Reboot);
     HeapFree( GetProcessHeap(), 0, Buffer );
     return(rc);

Modified: trunk/reactos/lib/kernel32/file/npipe.c
--- trunk/reactos/lib/kernel32/file/npipe.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/npipe.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -215,7 +215,9 @@
     }
 
     /* Free the name */
-    RtlFreeUnicodeString(&NamedPipeName);
+    RtlFreeHeap(RtlGetProcessHeap(),
+                0,
+                NamedPipeName.Buffer);
 
     /* Check status */
     if (!NT_SUCCESS(Status))

Modified: trunk/reactos/lib/kernel32/file/volume.c
--- trunk/reactos/lib/kernel32/file/volume.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/kernel32/file/volume.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -66,7 +66,9 @@
 			    NULL,
 			    0);
 
-    RtlFreeUnicodeString(&NtPathU);
+    RtlFreeHeap(RtlGetProcessHeap(),
+                0,
+                NtPathU.Buffer);
 
     if (!NT_SUCCESS(errCode))
     {

Modified: trunk/reactos/lib/ntdll/ldr/utils.c
--- trunk/reactos/lib/ntdll/ldr/utils.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/lib/ntdll/ldr/utils.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -640,10 +640,14 @@
     {
       DPRINT1("Dll open of %wZ failed: Status = 0x%08lx\n",
                &FullNtFileName, Status);
-      RtlFreeUnicodeString (&FullNtFileName);
+      RtlFreeHeap (RtlGetProcessHeap (),
+                   0,
+                   FullNtFileName.Buffer);
       return Status;
     }
-  RtlFreeUnicodeString (&FullNtFileName);
+  RtlFreeHeap (RtlGetProcessHeap (),
+               0,
+               FullNtFileName.Buffer);
 
   Status = NtReadFile(FileHandle,
                       NULL,

Modified: trunk/reactos/subsys/smss/initpage.c
--- trunk/reactos/subsys/smss/initpage.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/subsys/smss/initpage.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -162,7 +162,9 @@
                             NULL,
                             0);
 
-      RtlFreeUnicodeString(&NtPathU);
+      RtlFreeHeap(RtlGetProcessHeap(),
+                  0,
+                  NtPathU.Buffer);
 
       if (!NT_SUCCESS(Status))
         {
@@ -230,7 +232,9 @@
     }
 
 Cleanup:
-  RtlFreeUnicodeString(&FileName);
+  RtlFreeHeap(RtlGetProcessHeap(),
+              0,
+              FileName.Buffer);
 
   return STATUS_SUCCESS;
 }

Modified: trunk/reactos/subsys/smss/initwkdll.c
--- trunk/reactos/subsys/smss/initwkdll.c	2006-01-22 13:06:23 UTC (rev 20974)
+++ trunk/reactos/subsys/smss/initwkdll.c	2006-01-22 13:41:39 UTC (rev 20975)
@@ -203,9 +203,14 @@
 		      &IoStatusBlock,
 		      FILE_SHARE_READ | FILE_SHARE_WRITE,
 		      FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE);
+
+  RtlFreeHeap(RtlGetProcessHeap(),
+              0,
+              DllNtPath.Buffer);
+
   if (!NT_SUCCESS(Status))
     {
-      DPRINT1("NtOpenFile(%wZ) failed (Status %lx)\n", &DllNtPath, Status);
+      DPRINT1("NtOpenFile failed (Status %lx)\n", Status);
       return Status;
     }