[fireball] 35836: - Fix two major problems in CmpCleanUpKcbCacheWithLock: * Accessing (reading and writing - corruption!) freed paged pool memory. * Lacking a dereference of a parent key. - Fix a typo in the comment ("reference" -> "dereference"). - Ros-diffs

31 Aug 2008

Author: fireball
Date: Sun Aug 31 11:24:29 2008
New Revision: 35836

URL: http://svn.reactos.org/svn/reactos?rev=35836&view=rev
Log:
- Fix two major problems in CmpCleanUpKcbCacheWithLock:
 * Accessing (reading and writing - corruption!) freed paged pool memory.
 * Lacking a dereference of a parent key.
- Fix a typo in the comment ("reference" -> "dereference").

Modified:
    trunk/reactos/ntoskrnl/config/cmkcbncb.c

Modified: trunk/reactos/ntoskrnl/config/cmkcbncb.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/config/cmkcbncb.c…
==============================================================================

--- trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] (original)
+++ trunk/reactos/ntoskrnl/config/cmkcbncb.c [iso-8859-1] Sun Aug 31 11:24:29 2008
@@ -483,7 +483,7 @@
     /* Cleanup the value cache */
     CmpCleanUpKcbValueCache(Kcb);
 
-    /* Reference the NCB */
+    /* Dereference the NCB */
     CmpDereferenceNameControlBlockWithLock(Kcb->NameBlock);
 
     /* Check if we have an index hint block and free it */
@@ -492,10 +492,10 @@
     /* Check if we were already deleted */
     Parent = Kcb->ParentKcb;
     if (!Kcb->Delete) CmpRemoveKeyControlBlock(Kcb);
-    
+
     /* Set invalid KCB signature */
     Kcb->Signature = CM_KCB_INVALID_SIGNATURE;
-    
+
     /* Free the KCB as well */
     CmpFreeKeyControlBlock(Kcb);
 
@@ -504,8 +504,8 @@
     {
         /* Dereference the parent */
         LockHeldExclusively ?
-            CmpDereferenceKeyControlBlockWithLock(Kcb,LockHeldExclusively) :
-            CmpDelayDerefKeyControlBlock(Kcb);
+            CmpDereferenceKeyControlBlockWithLock(Parent,LockHeldExclusively) :
+            CmpDelayDerefKeyControlBlock(Parent);
     }
 }
 


    