Details: Bug; Resolution: Fixed; Major; April 2017
Description
When USBSTOR_SendInquiryIrp or USBSTOR_SendFormatCapacityIrp is called, it uses USBSTOR_SendIrp, which allocates an IRP and an MDL for Request->DataBuffer and sets Irp->MdlAddress to that MDL.
But before sending the request for processing, USBSTOR_SendRequest will once again allocate an MDL for the buffer that represents the request, since this is not a SCSIOP_READ or a SCSIOP_WRITE command.
When the request is complete, the MDL allocated by USBSTOR_SendRequest will be freed. Normally IoCompleteRequest should free Irp->MdlAddress (if all completion routines are called), but since we resume processing the IRP (USBSTOR_CompletionRoutine will return STATUS_MORE_PROCESSING_REQUIRED) and after that we call IoFreeIrp on the request IRP, which the documentation says does not free any IRP MDL, the MDL never gets released.
Also I attached a patch as a possible fix.
Any suggestions?
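The ownership rule behind this leak, modelled in user-mode C as an added example (not ReactOS or Windows code; the model_* types, fake_* routines and the live_mdls counter are stand-ins for the WDM originals): IoCompleteRequest releases Irp->MdlAddress only when completion runs to the end, so once a completion routine returns STATUS_MORE_PROCESSING_REQUIRED the caller owns the MDL and must free it before IoFreeIrp.

```c
/* Added example (not ReactOS code): a user-mode model of the IRP/MDL ownership
 * rule behind the leak.  model_irp, fake_* and live_mdls are hypothetical
 * stand-ins for the WDM types and routines. */
#include <stdlib.h>

#define STATUS_MORE_PROCESSING_REQUIRED 1

struct model_mdl { char *buffer; };
struct model_irp {
    struct model_mdl *MdlAddress;
    int (*completion)(struct model_irp *);   /* single completion routine */
};
static int live_mdls = 0;                    /* MDLs currently allocated */

static struct model_mdl *fake_IoAllocateMdl(char *buffer) {
    struct model_mdl *m = malloc(sizeof *m);
    m->buffer = buffer; live_mdls++;
    return m;
}
static void fake_IoFreeMdl(struct model_mdl *m) { free(m); live_mdls--; }

/* IoCompleteRequest releases the MDL chain only if every completion routine
 * lets completion run to the end; otherwise the caller owns the IRP again. */
static void fake_IoCompleteRequest(struct model_irp *irp) {
    if (irp->completion(irp) == STATUS_MORE_PROCESSING_REQUIRED)
        return;                                  /* caller owns irp + MDLs */
    fake_IoFreeMdl(irp->MdlAddress); irp->MdlAddress = NULL;
}
/* Documented behaviour: IoFreeIrp does not free Irp->MdlAddress. */
static void fake_IoFreeIrp(struct model_irp *irp) { free(irp); }

static int resume_processing(struct model_irp *irp) {
    (void)irp; return STATUS_MORE_PROCESSING_REQUIRED; /* as USBSTOR_CompletionRoutine */
}
/* Number of MDLs still allocated after the request is torn down.
 * fix_leak = 0 follows the reported path; fix_leak = 1 frees the MDL
 * the caller now owns before IoFreeIrp. */
int mdls_leaked(int fix_leak) {
    static char data[64];                        /* constructed data buffer */
    struct model_irp *irp = malloc(sizeof *irp);
    live_mdls = 0;
    irp->MdlAddress = fake_IoAllocateMdl(data);  /* like USBSTOR_SendIrp */
    irp->completion = resume_processing;
    fake_IoCompleteRequest(irp);                 /* returns early, MDL kept */
    if (fix_leak) { fake_IoFreeMdl(irp->MdlAddress); irp->MdlAddress = NULL; }
    fake_IoFreeIrp(irp);
    return live_mdls;
}
```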