https://git.reactos.org/?p=reactos.git;a=commitdiff;h=4f8bbd141e9ba1719daeb…
commit 4f8bbd141e9ba1719daebf61d6ef940e51d427fa
Author: Tuur Martens <tuurmartens4(a)gmail.com>
AuthorDate: Tue May 17 12:06:28 2022 +0200
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Wed May 18 12:31:31 2022 +0200
[NTOS:MM] Fix memory leak in MiMapViewOfDataSection
If inserting the allocated VAD fails, MiMapViewOfDataSection makes no attempt to
free the allocated VAD, nor does it call MiDereferenceControlArea(ControlArea) as the
other failure return paths do. This commit fixes this behavior.
Co-authored-by: Hermès BÉLUSCA - MAÏTO <hermes.belusca-maito(a)reactos.org>
---
ntoskrnl/mm/ARM3/section.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/ntoskrnl/mm/ARM3/section.c b/ntoskrnl/mm/ARM3/section.c
index 40d942f7703..ad20d01e093 100644
--- a/ntoskrnl/mm/ARM3/section.c
+++ b/ntoskrnl/mm/ARM3/section.c
@@ -1494,6 +1494,11 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
if (!NT_SUCCESS(Status))
{
ExFreePoolWithTag(Vad, 'ldaV');
+ MiDereferenceControlArea(ControlArea);
+
+ KeAcquireGuardedMutex(&MmSectionCommitMutex);
+ Segment->NumberOfCommittedPages -= QuotaCharge;
+ KeReleaseGuardedMutex(&MmSectionCommitMutex);
return Status;
}
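Review bot: `Segment->NumberOfCommittedPages -= QuotaCharge;` runs after `MiDereferenceControlArea(ControlArea);` in this failure path, so the segment (presumably the one owned by `ControlArea`) is written after this path's reference has been dropped. The hunk does not show whether the caller holds another reference; if the dereference can release the last one, the decrement would touch freed memory. Doing the rollback under `MmSectionCommitMutex` first and dereferencing last removes that dependency, and the same ordering appears in the second hunk (-1506). An `ASSERT(Segment->NumberOfCommittedPages >= QuotaCharge);` before the subtraction would also catch an underflow in checked builds. The function body starts and ends outside the hunk.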
@@ -1506,6 +1511,13 @@ MiMapViewOfDataSection(IN PCONTROL_AREA ControlArea,
AllocationType);
if (!NT_SUCCESS(Status))
{
+ ExFreePoolWithTag(Vad, 'ldaV');
+ MiDereferenceControlArea(ControlArea);
+
+ KeAcquireGuardedMutex(&MmSectionCommitMutex);
+ Segment->NumberOfCommittedPages -= QuotaCharge;
+ KeReleaseGuardedMutex(&MmSectionCommitMutex);
+
PsReturnProcessNonPagedPoolQuota(PsGetCurrentProcess(), sizeof(MMVAD_LONG));
return Status;
}
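Review bot: The five cleanup lines added here are a copy of the ones added in the first hunk, and the two failure paths now differ only by the `PsReturnProcessNonPagedPoolQuota` call. Since the leak this commit fixes came from one failure path missing steps the others had, a single unwind sequence reached by `goto` from both paths would keep them from drifting apart again. In the sketch below the earlier failure path would use `goto FailFreeVad;`, and the commit rollback is placed before the dereference so the segment is not touched after the reference is dropped. The label names are suggestions, and the function continues outside the hunk.

```c
    if (!NT_SUCCESS(Status))
    {
        goto FailReturnQuota;
    }
    /* … unchanged: rest of the success path, ending in its own return … */

FailReturnQuota:
    PsReturnProcessNonPagedPoolQuota(PsGetCurrentProcess(), sizeof(MMVAD_LONG));
FailFreeVad:
    /* Undo the commit charge while the control area reference is still held */
    KeAcquireGuardedMutex(&MmSectionCommitMutex);
    Segment->NumberOfCommittedPages -= QuotaCharge;
    KeReleaseGuardedMutex(&MmSectionCommitMutex);
    MiDereferenceControlArea(ControlArea);
    ExFreePoolWithTag(Vad, 'ldaV');
    return Status;
```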