Author: dchapyshev Date: Sat Sep 3 15:49:55 2016 New Revision: 72548 URL: http://svn.reactos.org/svn/reactos?rev=72548&view=rev Log: [NTOS:IO] - Fix potential null-pointer dereferencing (we call IopCleanupAfterException in IopDeviceFsIoControl with Irp == NULL) Modified: trunk/reactos/ntoskrnl/io/iomgr/iofunc.c Modified: trunk/reactos/ntoskrnl/io/iomgr/iofunc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/io/iomgr/iofunc.c… ============================================================================== --- trunk/reactos/ntoskrnl/io/iomgr/iofunc.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/io/iomgr/iofunc.c [iso-8859-1] Sat Sep 3 15:49:55 2016 @@ -22,25 +22,28 @@ VOID NTAPI IopCleanupAfterException(IN PFILE_OBJECT FileObject, - IN PIRP Irp, + IN PIRP Irp OPTIONAL, IN PKEVENT Event OPTIONAL, IN PKEVENT LocalEvent OPTIONAL) { PAGED_CODE(); IOTRACE(IO_API_DEBUG, "IRP: %p. FO: %p \n", Irp, FileObject); - /* Check if we had a buffer */ - if (Irp->AssociatedIrp.SystemBuffer) - { - /* Free it */ - ExFreePool(Irp->AssociatedIrp.SystemBuffer); - } - - /* Free the mdl */ - if (Irp->MdlAddress) IoFreeMdl(Irp->MdlAddress); - - /* Free the IRP */ - IoFreeIrp(Irp); + if (Irp) + { + /* Check if we had a buffer */ + if (Irp->AssociatedIrp.SystemBuffer) + { + /* Free it */ + ExFreePool(Irp->AssociatedIrp.SystemBuffer); + } + + /* Free the mdl */ + if (Irp->MdlAddress) IoFreeMdl(Irp->MdlAddress); + + /* Free the IRP */ + IoFreeIrp(Irp); + } /* Check if we had a file lock */ if (FileObject->Flags & FO_SYNCHRONOUS_IO)