  1. Core ReactOS
  2. CORE-16085

fastfat: Pool corruption after unexpected device deletion (x64)


    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      This is what happens:

      • usetup formats the volume
      • usetup closes the volume (calls NtClose)
      • the kernel closes the handle and calls IopCloseFile
      • IopCloseFile sends an IRP to vfat, calling VfatCleanup
      • VfatCleanup acquires the resource DeviceExt->DirResource
      • VfatCleanup calls VfatCleanupFile
      • VfatCleanupFile calls VfatCheckForDismount
      • VfatCheckForDismount calls IoDeleteDevice(DeviceExt->VolumeDevice);
      • IoDeleteDevice calls IopUnloadDevice
      • IopUnloadDevice deletes the device and frees the device extension
      • back to VfatCleanup, the resource is released, but it has already been freed

      The issue could be related to the "UnCleanCount" hack in VfatCheckForDismount, where a reference count of 3 prevents the device from being deleted.
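The ordering problem in the call chain above, reduced to a user-mode model. This is an added example, not part of the report and not ReactOS code: `volume_t`, both `cleanup_*` functions and the `freed` flag (used in place of a real free so the model stays well-defined) are hypothetical, and the deferred-delete ordering is one possible remedy, not the project's fix.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the vfat device extension: the lock is a member of
   the same allocation that device deletion frees. */
typedef struct {
    bool dir_lock_held;  /* stands in for DeviceExt->DirResource */
    int  open_count;     /* handles still open on the volume */
    bool freed;          /* set in place of a real free(), so the model has no UB */
} volume_t;

static void acquire_dir_lock(volume_t *v) { v->dir_lock_held = true; }

/* Returns false when the release would write into a freed extension. */
static bool release_dir_lock(volume_t *v) {
    if (v->freed) return false;
    v->dir_lock_held = false;
    return true;
}

/* Models IoDeleteDevice -> IopUnloadDevice freeing the extension. */
static void delete_device(volume_t *v) { v->freed = true; }

/* Order from the report: delete while the lock is held, release afterwards. */
bool cleanup_as_reported(volume_t *v) {
    acquire_dir_lock(v);
    if (--v->open_count == 0)
        delete_device(v);
    return release_dir_lock(v);
}

/* One possible reordering: record the decision, release, then delete. */
bool cleanup_deferred_delete(volume_t *v) {
    acquire_dir_lock(v);
    bool dismount = (--v->open_count == 0);
    bool ok = release_dir_lock(v);
    if (dismount)
        delete_device(v);
    return ok;
}

int main(void) {
    volume_t a = { false, 1, false }, b = { false, 1, false };
    printf("as reported:     release ok = %d\n", cleanup_as_reported(&a));
    printf("deferred delete: release ok = %d\n", cleanup_deferred_delete(&b));
    return 0;
}
```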

            People

            • Assignee:
              bug zilla Bug Zilla
              Reporter:
              ThePhysicist Timo Kreuzer
