Guard the calls to MmProbeAndLockPages and IoPrepareIrpBuffer with an
exception frame and free the allocated resources if an exception occurs.
Modified: trunk/reactos/ntoskrnl/io/buildirp.c
_____
Modified: trunk/reactos/ntoskrnl/io/buildirp.c
--- trunk/reactos/ntoskrnl/io/buildirp.c 2005-04-01 18:06:50 UTC
(rev 14417)
+++ trunk/reactos/ntoskrnl/io/buildirp.c 2005-04-01 18:17:47 UTC
(rev 14418)
@@ -37,7 +37,6 @@
(PVOID)ExAllocatePoolWithTag(NonPagedPool,Length,
TAG_SYS_BUF);
if (Irp->AssociatedIrp.SystemBuffer==NULL)
{
- IoFreeIrp(Irp);
return(STATUS_NOT_IMPLEMENTED);
}
/* FIXME: should copy buffer in on other ops */
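Review bot: With the `IoFreeIrp(Irp)` call removed from the allocation-failure branch, ownership of the IRP on failure passes to every caller of this function, and nothing on the function records that. Add a header comment such as `/* On failure the IRP is NOT freed; the caller must call IoFreeIrp(). */`, and confirm that callers outside this diff check the returned status. The branch also still reports a failed pool allocation as `STATUS_NOT_IMPLEMENTED`; `return(STATUS_INSUFFICIENT_RESOURCES);` would describe it accurately. The enclosing function starts and ends outside the hunk.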
@@ -121,13 +120,34 @@
StackPtr->FileObject = NULL;
StackPtr->CompletionRoutine = NULL;
- if (Buffer != NULL)
+ if (Length > 0)
{
- IoPrepareIrpBuffer(Irp,
- DeviceObject,
- Buffer,
- Length,
- MajorFunction);
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+ Status = IoPrepareIrpBuffer(Irp,
+ DeviceObject,
+ Buffer,
+ Length,
+ MajorFunction);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
+
+ if (!NT_SUCCESS(Status))
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
}
if (MajorFunction == IRP_MJ_READ)
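Review bot: Switching the guard to `if (Length > 0)` means a NULL `Buffer` with a non-zero `Length` now reaches `IoPrepareIrpBuffer`, which the old `Buffer != NULL` test skipped; if that combination is invalid, reject it explicitly with `if (Buffer == NULL) { IoFreeIrp(Irp); return NULL; }` rather than relying on a fault inside the try block. Both the `FreeAndGoOn` filter and the `!NT_SUCCESS(Status)` branch release only the IRP, so anything `IoPrepareIrpBuffer` attached before failing (the first hunk shows it allocating `Irp->AssociatedIrp.SystemBuffer` from non-paged pool) appears to be leaked unless `IoFreeIrp` releases it, which is not visible here. Freeing inside the filter also runs the cleanup during the exception search, before any unwind; a short comment explaining why the exception is passed on with `EXCEPTION_CONTINUE_SEARCH` instead of being handled and turned into `return NULL` would help the next reader. The enclosing function starts and ends outside the hunk.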
@@ -296,7 +316,27 @@
FALSE,
FALSE,
Irp);
- MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
+ if (Irp->MdlAddress == NULL)
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+ MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
+
}
break;
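Review bot: The `FreeAndGoOn` filter frees the IRP when `MmProbeAndLockPages` raises, but the MDL stored in `Irp->MdlAddress` just above it is not released; unless `IoFreeIrp` also frees an attached MDL (not visible here), add `IoFreeMdl(Irp->MdlAddress);` before `IoFreeIrp(Irp);` in the filter. The same applies to the write-access hunk that follows. Because the pages are probed with `UserMode`, an invalid caller-supplied buffer is the ordinary way to reach this path, so the cleanup on it needs to be complete. The switch case containing this code starts outside the hunk.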
@@ -329,7 +369,26 @@
FALSE,
FALSE,
Irp);
- MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
+ if (Irp->MdlAddress == NULL)
+ {
+ IoFreeIrp(Irp);
+ return NULL;
+ }
+
+ _SEH_FILTER(FreeAndGoOn)
+ {
+ IoFreeIrp(Irp);
+ return EXCEPTION_CONTINUE_SEARCH;
+ }
+ _SEH_TRY_FILTER(FreeAndGoOn)
+ {
+ MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
+ }
+ _SEH_HANDLE
+ {
+ KEBUGCHECK(0);
+ }
+ _SEH_END;
}
break;
@@ -352,12 +411,12 @@
*/
PIRP STDCALL
IoBuildSynchronousFsdRequest(ULONG MajorFunction,
- PDEVICE_OBJECT DeviceObject,
- PVOID Buffer,
- ULONG Length,
- PLARGE_INTEGER StartingOffset,
- PKEVENT Event,
- PIO_STATUS_BLOCK IoStatusBlock)
+ PDEVICE_OBJECT DeviceObject,
+ PVOID Buffer,
+ ULONG Length,
+ PLARGE_INTEGER StartingOffset,
+ PKEVENT Event,
+ PIO_STATUS_BLOCK IoStatusBlock)
/*
* FUNCTION: Allocates and builds an IRP to be sent synchronously to
lower
* level driver(s)