Details
-
Bug
-
Resolution: Won't Fix
-
Major
-
None
-
None
-
None
Description
svn R74221
drivers\storage\class\disk\disk.c:CreatePartitionDeviceObjects() starting to look in that routine where IoReadPartitionTable() is called.
if the conditions are met for
if ((!NT_SUCCESS(status) || partitionList->PartitionCount == 0) &&
PhysicalDeviceObject->Characteristics & FILE_REMOVABLE_MEDIA) {
then if was NT_SUCCESS() and PartitionCount==0, and then subsequent partitionList allocation attempt fails, code checks for the failure but does NOT report insufficient resources, and will continue. In the next if(NT_SUCCESS(status) block, since there was an earlier success but zerolength partition list (now freed) and status still holds that success value from IoReadPartitionTable() (although partitionList is NULL from failure), flow will continue into that if() block and immediately attempt to reference partitionList->Signature, and presumably fail due to NULL pointer (de-)reference attempt.
Possible solution is after the
partitionList = ExAllocatePool(NonPagedPool, sizeof(*partitionList));
if (partitionList != NULL) {
}
block to add
else
{
status = STATUS_INSUFFICIENT_RESOURCES;
goto CreatePartitionDeviceObjectsExit;
}
Attachments
Issue Links
- is blocked by
-
-
- Resolved
-