[ros-diffs] [tfaber] 56217: [RTL/HEAP] - Do not overflow the uncommitted range descriptor segment. Really fixes notepad. - Free the correct region in failure case - Some comment fixes See issue #6966 for more ...

Author: tfaber Date: Sat Mar 24 14:42:48 2012 New Revision: 56217 URL: http://svn.reactos.org/svn/reactos?rev=56217&view=rev Log: [RTL/HEAP] - Do not overflow the uncommitted range descriptor segment. Really fixes notepad. - Free the correct region in failure case - Some comment fixes See issue #6966 for more details. Modified: trunk/reactos/lib/rtl/heap.c Modified: trunk/reactos/lib/rtl/heap.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/heap.c?rev=56217&a… ============================================================================== --- trunk/reactos/lib/rtl/heap.c [iso-8859-1] (original) +++ trunk/reactos/lib/rtl/heap.c [iso-8859-1] Sat Mar 24 14:42:48 2012 @@ -476,7 +476,7 @@ { /* Release reserved memory */ ZwFreeVirtualMemory(NtCurrentProcess(), - (PVOID *)&UcrDescriptor, + (PVOID *)&UcrSegment, &ReserveSize, MEM_RELEASE); return NULL; @@ -510,7 +510,7 @@ } /* There is a whole bunch of new UCR descriptors. Put them into the unused list */ - while ((PCHAR)UcrDescriptor < ((PCHAR)UcrSegment + UcrSegment->CommittedSize)) + while ((PCHAR)(UcrDescriptor + 1) < (PCHAR)UcrSegment + UcrSegment->CommittedSize) { InsertTailList(&Heap->UCRList, &UcrDescriptor->ListEntry); UcrDescriptor++; @@ -548,7 +548,7 @@ /* Go through the list of UCR descriptors, they are sorted from lowest address to the highest */ Current = Segment->UCRSegmentList.Flink; - while(Current != &Segment->UCRSegmentList) + while (Current != &Segment->UCRSegmentList) { UcrDescriptor = CONTAINING_RECORD(Current, HEAP_UCR_DESCRIPTOR, SegmentEntry); @@ -563,7 +563,7 @@ return; } - /* We found the block after which the new one should go */ + /* We found the block before which the new one should go */ break; } else if (((ULONG_PTR)UcrDescriptor->Address + UcrDescriptor->Size) == Address) @@ -595,7 +595,7 @@ UcrDescriptor->Address = (PVOID)Address; UcrDescriptor->Size = Size; - /* "Current" is the descriptor after which our one should go */ + /* "Current" is the descriptor before which our one should go */ InsertTailList(Current, &UcrDescriptor->SegmentEntry); DPRINT("Added segment UCR with base %p, size 0x%x\n", Address, Size); @@ -620,7 +620,7 @@ /* Go through UCRs in a segment */ Current = Segment->UCRSegmentList.Flink; - while(Current != &Segment->UCRSegmentList) + while (Current != &Segment->UCRSegmentList) { UcrDescriptor = CONTAINING_RECORD(Current, HEAP_UCR_DESCRIPTOR, SegmentEntry); @@ -1694,7 +1694,7 @@ /* Free UCR segments if any were created */ Current = Heap->UCRSegments.Flink; - while(Current != &Heap->UCRSegments) + while (Current != &Heap->UCRSegments) { UcrSegment = CONTAINING_RECORD(Current, HEAP_UCR_SEGMENT, ListEntry);