Details
- Bug
- Resolution: Fixed
- Major
- March 2017
- 73,892
Description
Unless I made a prior mistake implementors have corrected, or my eyes/mind are currently misleading me...
Regarding changes in drivers\usb\usbstor\pdo.c ...
The patch from that issue was incorrectly interpreted/applied. 'OutData' is an 'OUT' parameter.
The ExFreePoolWithTag(Request->DataBuffer) in USBSTOR_SendIrp() should be subject to an 'else' and only executed when the preceding IoCallDriver() is a failure AND Request->DataBuffer is NOT passed back out via *OutData.
As currently implemented, that buffer is being freed in SUCCESS situations where clients of USBSTOR_SendIrp() expect to use it (i.e. outside of USBSTOR_SendIrp() via actual parameter passed to 'OutData'), and those clients eventually will likely reference it AND perform a free on it as well.
Please review the original patch to see the 'else' placement originally intended.
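The ownership rule the report describes, modelled in user-mode C as an added example (not the ReactOS source and not the patch): `send_request`, `lower_call` and the tracking allocator are hypothetical stand-ins for USBSTOR_SendIrp(), IoCallDriver() and the pool routines, and the counter lets each buffer's single free be checked.

```c
#include <stdlib.h>
#include <string.h>

/* User-mode model only; every name below is hypothetical. */
static int live_allocs;                 /* buffers allocated and not yet freed */

static void *track_alloc(size_t n) { void *p = calloc(1, n); if (p) live_allocs++; return p; }
static void track_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Stand-in for the lower driver call: 0 on success, -1 on failure. */
static int lower_call(void *buf, size_t n, int fail) {
    if (fail) return -1;
    memset(buf, 0xAB, n);               /* constructed "response" data */
    return 0;
}

/* Contract: on success the buffer is handed out through *out_data and is NOT
 * freed here; on failure it is freed here and *out_data stays NULL. */
int send_request(size_t n, int fail, void **out_data) {
    void *buf = track_alloc(n);
    int status;
    *out_data = NULL;
    if (!buf) return -1;
    status = lower_call(buf, n, fail);
    if (status == 0)
        *out_data = buf;                /* ownership moves to the caller */
    else
        track_free(buf);                /* the 'else': free only what was not passed out */
    /* An unconditional track_free(buf) here is the reported defect: the caller
     * would then read freed memory and free it a second time. */
    return status;
}

/* Caller side: use the returned buffer, then free it exactly once. */
int caller_roundtrip(int fail) {
    void *data;
    int first = -1;
    if (send_request(16, fail, &data) == 0) {
        first = ((unsigned char *)data)[0];
        track_free(data);
    }
    return first;
}

int live_count(void) { return live_allocs; }

int main(void) { return (caller_roundtrip(0) == 0xAB && live_count() == 0) ? 0 : 1; }
```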
Issue Links
- is duplicated by
  - CORE-13045 BSOD when USBSTOR_SendFormatCapacityIrp free Response output buffer (Resolved)
- relates to
  - CORE-12816 incorrect handling of allocated buffer with error paths (Resolved)