Author: sir_richard
Date: Sat Oct 16 14:20:30 2010
New Revision: 49169
URL:
http://svn.reactos.org/svn/reactos?rev=49169&view=rev
Log:
[RTL]: Fix a bug introduced Mon Dec 6 00:25:14 1999 UTC (10 years, 10 months ago) in
revision 828. NtFreeVirtualMemory takes a pointer to the address to free, not the address
itself. For the last 11 years, freeing the process parameter block resulted in freeing
whatever the first value in the structure is, which is MaximumLength and initialized to
0x1000. ReactOS would then free whatever random address was in that area. In real Windows,
it is illegal to free an allocation in the middle of the base address, and this call
failed with the new VAD code. ReactOS either leaked the memory or freed random data, who
knows.
[RTL]: Make the PPB live in the Heap instead of having its own virtual allocation, fixing
the issue above. Stop rounding it to a PAGE_SIZE, and just use the space required.
Modified:
trunk/reactos/lib/rtl/ppb.c
Modified: trunk/reactos/lib/rtl/ppb.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/ppb.c?rev=49169&am…
==============================================================================
--- trunk/reactos/lib/rtl/ppb.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/ppb.c [iso-8859-1] Sat Oct 16 14:20:30 2010
@@ -53,9 +53,7 @@
PUNICODE_STRING ShellInfo,
PUNICODE_STRING RuntimeData)
{
- NTSTATUS Status = STATUS_SUCCESS;
PRTL_USER_PROCESS_PARAMETERS Param = NULL;
- SIZE_T RegionSize = 0;
ULONG Length = 0;
PWCHAR Dest;
UNICODE_STRING EmptyString;
@@ -121,23 +119,16 @@
Length += ALIGN(RuntimeData->MaximumLength, sizeof(ULONG));
/* Calculate the required block size */
- RegionSize = ROUND_UP(Length, PAGE_SIZE);
-
- Status = ZwAllocateVirtualMemory(NtCurrentProcess(),
- (PVOID*)&Param,
- 0,
- &RegionSize,
- MEM_RESERVE | MEM_COMMIT,
- PAGE_READWRITE);
- if (!NT_SUCCESS(Status))
+ Param = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
+ if (!Param)
{
RtlReleasePebLock();
- return Status;
+ return STATUS_INSUFFICIENT_RESOURCES;
}
DPRINT ("Process parameters allocated\n");
- Param->MaximumLength = RegionSize;
+ Param->MaximumLength = Length;
Param->Length = Length;
Param->Flags = RTL_USER_PROCESS_PARAMETERS_NORMALIZED;
Param->Environment = Environment;
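Review bot: The new `RtlAllocateHeap(RtlGetProcessHeap(), 0, Length)` call does not zero the block, whereas the pages previously committed by ZwAllocateVirtualMemory were zero-filled. Any header field or alignment padding that is not explicitly written afterwards will therefore hold stale heap contents. If this block is later copied into another process, as process parameter blocks usually are, those bytes could disclose data from the creating process. The rest of the function is outside this hunk, so unless it clears the block there, request zeroed memory: `Param = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);`. A short comment that `MaximumLength` now equals `Length` rather than a page-rounded size would also help anyone who assumed page granularity.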
@@ -219,15 +210,12 @@
/*
* @implemented
*/
-NTSTATUS NTAPI
-RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
-{
- SIZE_T RegionSize = 0;
-
- return ZwFreeVirtualMemory (NtCurrentProcess (),
- (PVOID)ProcessParameters,
- &RegionSize,
- MEM_RELEASE);
+NTSTATUS
+NTAPI
+RtlDestroyProcessParameters(IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters)
+{
+ RtlFreeHeap(RtlGetProcessHeap(), 0, ProcessParameters);
+ return STATUS_SUCCESS;
}
/*
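Review bot: `RtlDestroyProcessParameters` now discards the result of `RtlFreeHeap` and always returns STATUS_SUCCESS, so a pointer that is not a live process-heap block is reported as freed. Propagating the result would surface that case, for example `return RtlFreeHeap(RtlGetProcessHeap(), 0, ProcessParameters) ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;` (the failure status is only a suggestion). The function comment should also state that the block must come from RtlCreateProcessParameters on the process heap, since a block from any other allocator passed here would be a heap-integrity problem rather than a clean failure. No other allocation site is visible in this diff, so callers elsewhere that still build a parameter block with a virtual allocation would need checking.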