[ros-diffs] [fireball] 35836: - Fix two major problems in CmpCleanUpKcbCacheWithLock: * Accessing (reading and writing - corruption!) freed paged pool memory. * Lacking a dereference of a parent key. - Fix a typo in the comment ("reference" -> "dereference").

Author: fireball Date: Sun Aug 31 11:24:29 2008 New Revision: 35836 URL: http://svn.reactos.org/svn/reactos?rev=35836&view=rev Log: - Fix two major problems in CmpCleanUpKcbCacheWithLock: * Accessing (reading and writing - corruption!) freed paged pool memory. * Lacking a dereference of a parent key. - Fix a typo in the comment ("reference" -> "dereference"). Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmkcbncb.c… ============================================================================== --- trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] Sun Aug 31 11:24:29 2008 @@ -483,7 +483,7 @@ /* Cleanup the value cache */ CmpCleanUpKcbValueCache(Kcb); - /* Reference the NCB */ + /* Dereference the NCB */ CmpDereferenceNameControlBlockWithLock(Kcb->NameBlock); /* Check if we have an index hint block and free it */ @@ -492,10 +492,10 @@ /* Check if we were already deleted */ Parent = Kcb->ParentKcb; if (!Kcb->Delete) CmpRemoveKeyControlBlock(Kcb); - + /* Set invalid KCB signature */ Kcb->Signature = CM_KCB_INVALID_SIGNATURE; - + /* Free the KCB as well */ CmpFreeKeyControlBlock(Kcb); @@ -504,8 +504,8 @@ { /* Dereference the parent */ LockHeldExclusively ? - CmpDereferenceKeyControlBlockWithLock(Kcb,LockHeldExclusively) : - CmpDelayDerefKeyControlBlock(Kcb); + CmpDereferenceKeyControlBlockWithLock(Parent,LockHeldExclusively) : + CmpDelayDerefKeyControlBlock(Parent); } }