  1. Core ReactOS
  2. CORE-12448

FileSpy forces a bugcheck

Details

    • November 2016

    Description

      Bugcheck is raised in fastfat when handling IRP_MJ_QUERY_INFORMATION.

      The FCB is null (FsContext and FsContext2 are both null) and the code makes assumptions that it's valid.

      Initial glance points to a code path where vfatAttachFCBToFileObject isn't called, and it tries to access the FCB later down the call chain.

      kd> kb
       # ChildEBP RetAddr  Args to Child              
      00 f81b5e78 f8ba1c1e b106c378 00000000 00000001 fastfat!VfatQueryInformation+0x76 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\finfo.c @ 1451]
      01 f81b5e9c f8ba1af3 b106c378 00000001 00000001 fastfat!VfatDispatchRequest+0xce [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\misc.c @ 140]
      02 f81b5ec0 80466d0d b11e3018 b0fa6e70 b132ccd8 fastfat!VfatBuildRequest+0xa3 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\misc.c @ 235]
      03 f81b5ee8 f8101d3a 000b0635 e1639c10 e16394d8 nt!IofCallDriver+0xad [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\irp.c @ 1225]
      04 f81b5f38 f8102244 b0fd4038 b11e3018 e1639c10 FSpy!NLPQueryFileSystemForFileName+0xcc [e:\ladik\appdir\filespy\fspy_sys\namelookup.c @ 943]
      05 f81b5fc4 f80ff8e5 b0fd4038 e16394d8 b0fd6940 FSpy!NLGetFullPathName+0x43c [e:\ladik\appdir\filespy\fspy_sys\namelookup.c @ 677]
      06 f81b6024 f80ffd6a b0f9f988 b0fd6888 b0fd4038 FSpy!SpySetName+0x18f [e:\ladik\appdir\filespy\fspy_sys\fspyhash.c @ 872]
      07 f81b6078 f80ff4cb b0fc3008 b0f9f988 b0fc3008 FSpy!SpyLogIrp+0x206 [e:\ladik\appdir\filespy\fspy_sys\fspyhash.c @ 463]
      08 f81b60a8 f80ff5f9 b0fd6940 b0fc3008 b0fd6940 FSpy!SpyPassThrough+0x4b [e:\ladik\appdir\filespy\fspy_sys\filespy.c @ 1271]
      09 f81b60c0 80466d0d b0fd6888 b0fc3008 b11195f8 FSpy!SpyDispatch+0x71 [e:\ladik\appdir\filespy\fspy_sys\filespy.c @ 1589]
      0a f81b60e8 8045a9a6 b1043901 00000000 f81b60f8 nt!IofCallDriver+0xad [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\irp.c @ 1225]
      0b f81b6118 804d0414 b102d528 b0fd4038 00000001 nt!IopCloseFile+0x166 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 2001]
      0c f81b6178 804cfdfe b0fd4038 b102d528 00000001 nt!ObpDecrementHandleCount+0x244 [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obhandle.c @ 639]
      0d f81b61a4 804cfa52 e15efe98 e15f2f38 0000079c nt!ObpCloseHandleTableEntry+0x13e [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obhandle.c @ 767]
      0e f81b6228 804ce4a3 0000079c 00000000 f81b6274 nt!ObpCloseHandle+0x152 [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obhandle.c @ 1771]
      0f f81b6238 80459e50 0000079c 00000000 00000018 nt!ObCloseHandle+0x13 [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obhandle.c @ 3374]
      10 f81b6274 80459cc4 00000000 b12bb288 00000000 nt!IoCreateStreamFileObjectEx+0x180 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 2783]
      11 f81b6288 f8b9b33a 00000000 b12bb288 b0fd6940 nt!IoCreateStreamFileObject+0x14 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 2796]
      12 f81b62d0 f8b9c1db b11e30d0 b0fd7008 001c001c fastfat!vfatFCBInitializeCacheFromVolume+0x3a [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\fcb.c @ 599]
      13 f81b62f0 f8b9b2c2 b11e30d0 b1225c08 f81b652c fastfat!vfatMakeFCBFromDirEntry+0x8b [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\fcb.c @ 731]
      14 f81b65c0 f8b9ba55 b11e30d0 b1225c08 f81b67fc fastfat!vfatDirFindFile+0x2a2 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\fcb.c @ 843]
      15 f81b6820 f8b94652 b11e30d0 f81b68c8 f81b683c fastfat!vfatGetFCBForFile+0x545 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\fcb.c @ 1026]
      16 f81b6840 f8b93daf b11e30d0 f81b68b8 b0fbd670 fastfat!VfatOpenFile+0xa2 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\create.c @ 431]
      17 f81b68e0 f8b93944 b11e3018 b0fb34c0 00000001 fastfat!VfatCreateFile+0x43f [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\create.c @ 666]
      18 f81b68fc f8ba1bce b0fec318 00000000 00000001 fastfat!VfatCreate+0xa4 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\create.c @ 1044]
      19 f81b6920 f8ba1af3 b0fec318 00000001 00000001 fastfat!VfatDispatchRequest+0x7e [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\misc.c @ 124]
      1a f81b6944 80466d0d b11e3018 b0fb34c0 b132ccd8 fastfat!VfatBuildRequest+0xa3 [d:\reactos\branches\trunk\reactos\drivers\filesystems\fastfat\misc.c @ 235]
      1b f81b696c f80ff533 f81b6d14 010eb024 0016bee8 nt!IofCallDriver+0xad [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\irp.c @ 1225]
      1c f81b6994 f80ff685 00fd6940 b0fb34c0 f81b69cc FSpy!SpyPassThrough+0xb3 [e:\ladik\appdir\filespy\fspy_sys\filespy.c @ 1327]
      1d f81b69a4 80466d0d b0fd6888 b0fb34c0 b11195f8 FSpy!SpyCreate+0x81 [e:\ladik\appdir\filespy\fspy_sys\filespy.c @ 1688]
      1e f81b69cc 8045cef8 00000018 00000000 00000000 nt!IofCallDriver+0xad [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\irp.c @ 1225]
      1f f81b6af8 804d627a b12bb288 00000000 b131f300 nt!IopParseDevice+0xd58 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 900]
      20 f81b6b8c 804cf31b 00000000 f81b6bc0 00000040 nt!ObpLookupObjectName+0x7da [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obname.c @ 809]
      21 f81b6be4 8045b3b0 010ef02c 00000000 00000001 nt!ObOpenObjectByName+0x15b [d:\reactos\branches\trunk\reactos\ntoskrnl\ob\obhandle.c @ 2602]
      22 f81b6c6c 80459c36 010ef08c 00100001 010ef02c nt!IopCreateFile+0x9a0 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 2477]
      23 f81b6cb4 8045e672 010ef08c 00100001 010ef02c nt!IoCreateFile+0x46 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 2647]
      24 f81b6cf4 805060bb 010ef08c 00100001 010ef02c nt!NtOpenFile+0x32 [d:\reactos\branches\trunk\reactos\ntoskrnl\io\iomgr\file.c @ 3530]
      25 f81b6d1c 8050447f 8045e640 010eb00c 00000018 nt!KiSystemCallTrampoline+0x1b [d:\reactos\branches\trunk\reactos\ntoskrnl\include\internal\i386\ke.h @ 742]
      26 f81b6d5c 80403e23 010ef0a8 7c92c46e badb0d00 nt!KiSystemServiceHandler+0x22f [d:\reactos\branches\trunk\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1738]
      27 f81b6d5c 7c92c46e 010ef0a8 7c92c46e badb0d00 nt!KiFastCallEntry+0x8c
      28 010eb000 7c95213e 7c78b618 010ef08c 00100001 ntdll!KiFastSystemCallRet
      29 010eb004 7c78b618 010ef08c 00100001 010ef02c ntdll!NtOpenFile+0xc
      2a 010ef0a8 7c78b9ca 010ef0d8 00000000 010ef2e0 kernel32!FindFirstFileExW+0x248 [d:\reactos\branches\trunk\reactos\dll\win32\kernel32\client\file\find.c @ 788]
      2b 010ef0c8 7b5e04c6 010ef0d8 010ef2e0 003a0043 kernel32!FindFirstFileW+0x1a [d:\reactos\branches\trunk\reactos\dll\win32\kernel32\client\file\find.c @ 326]
      2c 010ef54c 7b5f9fd5 0019a530 00000020 010ef59c shell32!CEnumIDListBase::CreateFolderEnumList+0xd6 [d:\reactos\branches\trunk\reactos\dll\win32\shell32\cenumidlistbase.cpp @ 149]
      2d 010ef55c 7b5f877f 0019a920 0019a530 00000020 shell32!CFileSysEnum::Initialize+0x15 [d:\reactos\branches\trunk\reactos\dll\win32\shell32\folders\cfsfolder.cpp @ 63]
      2e 010ef59c 7b5f914e 0019a530 00000020 7b699880 shell32!ShellObjectCreatorInit<CFileSysEnum,wchar_t *,unsigned long,IEnumIDList>+0xff [d:\reactos\branches\trunk\reactos\sdk\include\reactos\shellutils.h @ 398]
      2f 010ef5b4 7b6161ef 00195b70 00000000 00000020 shell32!CFSFolder::EnumObjects+0x1e [d:\reactos\branches\trunk\reactos\dll\win32\shell32\folders\cfsfolder.cpp @ 256]
      30 010ef6e8 7b5f935f 001952d8 0019a4c8 010ef980 shell32!SHELL32_GetFSItemAttributes+0x22f [d:\reactos\branches\trunk\reactos\dll\win32\shell32\shlfolder.cpp @ 424]
      31 010ef708 7a0c951d 001952d8 00000001 010ef99c shell32!CFSFolder::GetAttributesOf+0x19f [d:\reactos\branches\trunk\reactos\dll\win32\shell32\folders\cfsfolder.cpp @ 437]
      32 010ef988 7a0c9aa6 00195388 001952d8 00195ae0 browseui!CExplorerBand::InsertItem+0x2d [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 334]
      33 010ef9f0 7a0c9f83 00195388 00195310 00000040 browseui!CExplorerBand::InsertSubitems+0x2c6 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 455]
      34 010efa48 7a0c9df7 00163e90 010efa64 00000001 browseui!CExplorerBand::NavigateToPIDL+0x163 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 526]
      35 010efa8c 7a0c937a 00060132 fffffffc 00174f70 browseui!CExplorerBand::NavigateToCurrentFolder+0x147 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 594]
      36 010efab8 7a0cab3f 00060132 00000000 001b00c8 browseui!CExplorerBand::InitializeExplorerBand+0x1ca [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 81]
      37 010efad0 7a0baedb 00174e94 001591f4 00000001 browseui!CExplorerBand::SetSite+0x18f [d:\reactos\branches\trunk\reactos\dll\win32\browseui\explorerband.cpp @ 737]
      38 010efdd0 7a0ba7f3 00174eb4 00000001 010efe08 browseui!CBaseBarSite::InsertBar+0x2db [d:\reactos\branches\trunk\reactos\dll\win32\browseui\basebarsite.cpp @ 212]
      39 010efde0 7c355d58 001591f8 7a0f193c 00000001 browseui!CBaseBarSite::Exec+0x53 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\basebarsite.cpp @ 490]
      3a 010efe08 7a0da9e1 001591f4 7a0f193c 00000001 shlwapi!IUnknown_Exec+0xb8 [d:\reactos\branches\trunk\reactos\dll\win32\shlwapi\ordinal.c @ 1031]
      3b 010efe94 7a0d6571 7a0f171c 00000001 7a0b2d6a browseui!CShellBrowser::ShowBand+0x551 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\shellbrowser.cpp @ 1264]
      3c 010efee8 7a0d18f1 00187010 00000020 010eff10 browseui!CShellBrowser::Initialize+0x431 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\shellbrowser.cpp @ 792]
      3d 010eff20 7a0d3a8a 00187010 00000020 7a0f185c browseui!ShellObjectCreatorInit<CShellBrowser,_ITEMIDLIST *,unsigned long>+0xe1 [d:\reactos\branches\trunk\reactos\sdk\include\reactos\shellutils.h @ 325]
      3e 010eff38 7a0c6e38 00187010 00000020 7a0f185c browseui!CShellBrowser_CreateInstance+0x1a [d:\reactos\branches\trunk\reactos\dll\win32\browseui\shellbrowser.cpp @ 3716]
      3f 010effa8 7a0c6c5c 0016bee8 0016bee8 010effec browseui!ExplorerMessageLoop+0xb8 [d:\reactos\branches\trunk\reactos\dll\win32\browseui\desktopipc.cpp @ 374]
      40 010effb8 7c779584 0016bee8 00000000 00000000 browseui!BrowserThreadProc+0x1c [d:\reactos\branches\trunk\reactos\dll\win32\browseui\desktopipc.cpp @ 432]
      41 010effec 00000000 7a0c6c40 0016bee8 00000000 kernel32!BaseThreadStartup+0x54 [d:\reactos\branches\trunk\reactos\dll\win32\kernel32\client\thread.c @ 69]
      .dump /m D:\ReactOS\filespytest\filespy.dmp
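
The failure mode in the report, as an added user-mode C model (not ReactOS or FileSpy code): a filter queries a stream file object while IoCreateStreamFileObject is still on the stack, so FsContext is still NULL, and a guarded handler fails the request instead of dereferencing it. All `model_*`/`MODEL_*` names are hypothetical stand-ins, and the attach-after-create ordering is an assumption read from the trace.

```c
/* Added illustration: user-mode model only. Field names FsContext/FsContext2 and the
   NTSTATUS values are real; every model_* / MODEL_* name is a hypothetical stand-in. */
#include <stddef.h>
#include <stdint.h>

typedef int32_t NTSTATUS;
#define STATUS_SUCCESS           ((NTSTATUS)0x00000000)
#define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000D)

typedef struct { uint32_t FileSize; } MODEL_FCB;   /* stand-in for the file system's FCB */
typedef struct { void *FsContext; void *FsContext2; } MODEL_FILE_OBJECT;
typedef NTSTATUS (*QUERY_FN)(MODEL_FILE_OBJECT *, uint32_t *);

/* Pattern described in the report: assumes FsContext is a valid FCB (NULL => crash). */
NTSTATUS model_query_unguarded(MODEL_FILE_OBJECT *fo, uint32_t *size_out)
{
    *size_out = ((MODEL_FCB *)fo->FsContext)->FileSize;
    return STATUS_SUCCESS;
}

/* Guarded handler: reject file objects that have no FCB attached yet. */
NTSTATUS model_query_guarded(MODEL_FILE_OBJECT *fo, uint32_t *size_out)
{
    MODEL_FCB *fcb = fo ? (MODEL_FCB *)fo->FsContext : NULL;
    if (fcb == NULL || size_out == NULL)
        return STATUS_INVALID_PARAMETER;   /* fail the request, never dereference */
    *size_out = fcb->FileSize;
    return STATUS_SUCCESS;
}

/* Models the window in the trace: the filter's query arrives on a fresh stream file
   object before the file system has attached its FCB (assumed ordering). */
NTSTATUS model_create_stream_then_attach(MODEL_FCB *fcb, MODEL_FILE_OBJECT *fo,
                                         QUERY_FN query, NTSTATUS *seen_by_filter)
{
    uint32_t size = 0;
    fo->FsContext = NULL;                     /* fresh object: both contexts are NULL */
    fo->FsContext2 = NULL;
    *seen_by_filter = query(fo, &size);       /* filter's name lookup, too early */
    fo->FsContext = fcb;                      /* attach happens only afterwards */
    return query(fo, &size);                  /* the same query after attach */
}
```

Passing `model_query_unguarded` as the query callback reproduces the NULL dereference in user mode.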

          People

            Heis Spiter Pierre Schweitzer
            Ged Ged