Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-12970

Incorrect handling of allocated buffer

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Fix Version/s: 0.4.5
    • Component/s: USB
    • Labels:
    • Module:
    • Sprint:
      March 2017
    • Guilty Revision:
      73,892

      Description

      Unless I made a prior mistake implementors have corrected, or my eyes/mind are currently misleading me...

      Regarding changes in drivers\usb\usbstor\pdo.c ...

      The patch from that issue was incorrectly interpreted/applied.  'OutData' is an OUT' parameter.

      The ExFreePoolWithTag(Request->DataBuffer)  in USBSTOR_SendIrp()  should be subject to an 'else' and only executed when the preceding IoCallDriver () is a failure AND Request->DataBuffer is NOT passed back out via *OutData.

      As currently implemented, that buffer is being free in SUCCESS situations where clients of USBSTOR_SendIrp() expect to use it (i.e. outside of USBSTOR_SendIrp() via actual parameter passed to 'OutData'), and those clients eventually will likely reference it AND perform a free on it as well.

      Please review the original patch to see the 'else' placement originally intended.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ThFabba Thomas Faber
                Reporter:
                curiousone curiousone
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: