[arty] 28415: Fix part two of the bug: The actual problem was that we'd overrun the end of the handle count array when decrementing. This also led to a handle leak (observed). Stop correctly when we find the handle we want. - Ros-diffs

19 Aug 2007

Author: arty
Date: Sun Aug 19 09:02:31 2007
New Revision: 28415

URL: http://svn.reactos.org/svn/reactos?rev=28415&view=rev
Log:
Fix part two of the bug:

The actual problem was that we'd overrun the end of the handle count array
when decrementing.  This also led to a handle leak (observed).  Stop correctly
when we find the handle we want.

Modified:
    trunk/reactos/ntoskrnl/ob/obhandle.c

Modified: trunk/reactos/ntoskrnl/ob/obhandle.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ob/obhandle.c?rev…
==============================================================================

--- trunk/reactos/ntoskrnl/ob/obhandle.c (original)
+++ trunk/reactos/ntoskrnl/ob/obhandle.c Sun Aug 19 09:02:31 2007
@@ -331,6 +331,8 @@
             /* Insert a new entry */
             FreeEntry = ObpInsertHandleCount(ObjectHeader);
             if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
+	    ASSERT(!FreeEntry->Process);
+	    ASSERT(!FreeEntry->HandleCount);
 
             /* Fill it out */
             FreeEntry->Process = Process;
@@ -375,6 +377,8 @@
             /* Allocate one */
             FreeEntry = ObpInsertHandleCount(ObjectHeader);
             if (!FreeEntry) return STATUS_INSUFFICIENT_RESOURCES;
+	    ASSERT(!FreeEntry->Process);
+	    ASSERT(!FreeEntry->HandleCount);
         }
 
         /* Fill out the entry */
@@ -533,6 +537,7 @@
                     {
                         /* Found it, get the process handle count */
                         ProcessHandleCount = HandleEntry->HandleCount--;
+			break;
                     }
 
                     /* Keep looping */



    