Author: fireball Date: Sun Aug 31 11:24:29 2008 New Revision: 35836
URL: http://svn.reactos.org/svn/reactos?rev=35836&view=rev Log: - Fix two major problems in CmpCleanUpKcbCacheWithLock: * Accessing (reading and writing - corruption!) freed paged pool memory. * Lacking a dereference of a parent key. - Fix a typo in the comment ("reference" -> "dereference").
Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c
Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmkcbncb.c?...
==============================================================================
--- trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] Sun Aug 31 11:24:29 2008
@@ -483,7 +483,7 @@
 /* Cleanup the value cache */
 CmpCleanUpKcbValueCache(Kcb);
- /* Reference the NCB */
+ /* Dereference the NCB */
 CmpDereferenceNameControlBlockWithLock(Kcb->NameBlock);
 /* Check if we have an index hint block and free it */
@@ -492,10 +492,10 @@
 /* Check if we were already deleted */
 Parent = Kcb->ParentKcb;
 if (!Kcb->Delete) CmpRemoveKeyControlBlock(Kcb);
-
+
 /* Set invalid KCB signature */
 Kcb->Signature = CM_KCB_INVALID_SIGNATURE;
-
+
 /* Free the KCB as well */
 CmpFreeKeyControlBlock(Kcb);
@@ -504,8 +504,8 @@
 {
 /* Dereference the parent */
 LockHeldExclusively ?
- CmpDereferenceKeyControlBlockWithLock(Kcb,LockHeldExclusively) :
- CmpDelayDerefKeyControlBlock(Kcb);
+ CmpDereferenceKeyControlBlockWithLock(Parent,LockHeldExclusively) :
+ CmpDelayDerefKeyControlBlock(Parent);
 }
 }
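Review bot: The parent dereference at the end of this hunk is still a conditional expression evaluated only for its side effects, which hides which object each branch touches; `if (LockHeldExclusively) CmpDereferenceKeyControlBlockWithLock(Parent, LockHeldExclusively); else CmpDelayDerefKeyControlBlock(Parent);` says the same thing more plainly. The fix also relies on `Parent = Kcb->ParentKcb;` in the second hunk running before `CmpFreeKeyControlBlock(Kcb);`, and nothing on the page records that ordering; a comment on that assignment such as `/* Save the parent now: Kcb must not be touched once it is freed */` would guard against a later reorder bringing the use-after-free back. The statement guarding this block is outside the hunk, so whether Parent is checked for NULL before these calls cannot be confirmed from here.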