Author: sginsberg Date: Wed Jul 15 20:35:31 2009 New Revision: 41985
URL: http://svn.reactos.org/svn/reactos?rev=41985&view=rev Log: - Hey Arch, did you know MmpDeleteSection can be called for a Section Object before it is fully set up (when ObDereferenceObject is called before all fields are initialized), and it will now crash due to a bogus, noninitialized Segment/ImageSection pointer? Always zero out the whole buffer to prevent this. Fixes the kernel32 loader Winetest.
Modified: trunk/reactos/ntoskrnl/mm/section.c
Modified: trunk/reactos/ntoskrnl/mm/section.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/mm/section.c?rev=4... ==============================================================================
--- trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/mm/section.c [iso-8859-1] Wed Jul 15 20:35:31 2009
@@ -2375,12 +2375,9 @@
 /* * Initialize it */
- Section->Type = 0;
- Section->Size = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;
- Section->Segment = NULL;
- Section->FileObject = NULL;
 Section->MaximumSize = MaximumSize;
 Segment = ExAllocatePoolWithTag(NonPagedPool, sizeof(MM_SECTION_SEGMENT), TAG_MM_SECTION_SEGMENT);
@@ -2449,11 +2446,9 @@
 /* * Initialize it */
- Section->Type = 0;
- Section->Size = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;
- Section->Segment = NULL;
 /* * Check file access required
@@ -3377,9 +3372,7 @@
 /* * Initialize it */
- Section->Type = 0;
- Section->Size = 0;
- Section->MaximumSize.QuadPart = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;
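Review bot: The comment above the new `RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));` still only says "Initialize it" in all three hunks (2375, 2446 and 3372), so nothing records that the zeroing must stay ahead of every failure path that can dereference the object and run the delete procedure on it. I would replace it with something like `/* Zero the whole object first: the delete procedure can run on a partially built section, so every pointer must be NULL until it is set */`. Writing the length as `sizeof(*Section)` would also keep it tied to the object if the pointer's type ever changes. The fix presumably relies on MmpDeleteSection treating a NULL Segment, ImageSection or FileObject as nothing to release; that routine is outside these hunks, so it is worth confirming there. Each enclosing function starts and ends outside its hunk.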