[hbirr] 14418: Guard the calls to MmProbeAndLockPages and IoPrepareIrpBuffer with an exception frame and do free allocated resources if an exception occurs.
1 Apr
2005
1 Apr
'05
6:17 p.m.
Guard the calls to MmProbeAndLockPages and IoPrepareIrpBuffer with an
exception frame and do free allocated resources if an exception occurs.
Modified: trunk/reactos/ntoskrnl/io/buildirp.c
_____
Modified: trunk/reactos/ntoskrnl/io/buildirp.c
--- trunk/reactos/ntoskrnl/io/buildirp.c 2005-04-01 18:06:50 UTC
(rev 14417)
+++ trunk/reactos/ntoskrnl/io/buildirp.c 2005-04-01 18:17:47 UTC
(rev 14418)
@@ -37,7 +37,6 @@
(PVOID)ExAllocatePoolWithTag(NonPagedPool,Length,
TAG_SYS_BUF);
if (Irp->AssociatedIrp.SystemBuffer==NULL)
{
- IoFreeIrp(Irp);
return(STATUS_NOT_IMPLEMENTED);
}
/* FIXME: should copy buffer in on other ops */
@@ -121,13 +120,34 @@
StackPtr->FileObject = NULL;
StackPtr->CompletionRoutine = NULL;
- if (Buffer != NULL)
+ if (Length > 0)
{
- IoPrepareIrpBuffer(Irp,
- DeviceObject,
- Buffer,
- Length,
- MajorFunction);
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+ Status = IoPrepareIrpBuffer(Irp,
+ DeviceObject,
+ Buffer,
+ Length,
+ MajorFunction);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
}
if (MajorFunction == IRP_MJ_READ)
@@ -296,7 +316,27 @@
FALSE,
FALSE,
Irp);
- MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
+ if (Irp->MdlAddress == NULL)
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
+
}
break;
@@ -329,7 +369,26 @@
FALSE,
FALSE,
Irp);
-
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
+ if (Irp->MdlAddress == NULL)
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+
MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
}
break;
@@ -352,12 +411,12 @@
*/
PIRP STDCALL
IoBuildSynchronousFsdRequest(ULONG MajorFunction,
- PDEVICE_OBJECT DeviceObject,
- PVOID Buffer,
- ULONG Length,
- PLARGE_INTEGER StartingOffset,
- PKEVENT Event,
- PIO_STATUS_BLOCK IoStatusBlock)
+ PDEVICE_OBJECT DeviceObject,
+ PVOID Buffer,
+ ULONG Length,
+ PLARGE_INTEGER StartingOffset,
+ PKEVENT Event,
+ PIO_STATUS_BLOCK IoStatusBlock)
/*
* FUNCTION: Allocates and builds an IRP to be sent synchronously to
lower
* level driver(s)
7396
days inactive
7396
days old
0 comments
1 participants
participants (1)
-
hbirr@svn.reactos.com