Uploaded image for project: 'Core ReactOS'
  1. Core ReactOS
  2. CORE-8733

Fastfat FCB double free when running shell32:shlfolder

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Fix Version/s: 0.4.0
    • Component/s: Drivers: Filesystems
    • Labels:
      None

      Description

      System uptime 42.75 seconds
      (..\..\ntoskrnl\se\accesschk.c:253) HACK: RemainingAccess = 0x00000112  DesiredAccess = 0x0010019b
      err:(..\..\dll\win32\rpcrt4\ndr_stubless.c:305) null context handle isn't allowed
      Running Wine Test, Module: shell32, Test: shlfolder
      fixme:(..\..\dll\win32\shdocvw\shdocvw_main.c:457) stub: 0x0 L"http:\\yyy" 00000000 0012FBF0
      fixme:(..\..\dll\win32\shdocvw\shdocvw_main.c:457) stub: 0x0 L"xx:yyy" 00000000 0012FBF0
      shlfolder.c:3784: Test failed: failed 80070057
      shlfolder.c:3790: Test failed: expected equal idls
      shlfolder.c:3798: Test failed: failed 80070057
      shlfolder.c:3803: Test failed: expected equal idls
      Assertion 'pFCB->RefCount > 0' failed at ..\..\drivers\filesystems\fastfat\fcb.c line 321
      Break instruction exception - code 80000003 (first chance)
      nt!DbgUserBreakPoint:
      8055c442 cc              int     3
      kd> !pool 0xf3c4ce18
      Pool page f3c4ce18 region is Special pool
      *f3c4c000 size:  1e8 data: f3c4ce18 (NonPaged) *VFCB
      		Owning component : Unknown (update pooltag.txt)
      kd> kp
      ChildEBP RetAddr  
      f31d0ad0 8054ec96 nt!DbgUserBreakPoint
      f31d0ad8 f8b8acfd nt!RtlAssert(void * FailedAssertion = 0xf8b9b978, void * FileName = 0xf8b9b950, unsigned long LineNumber = 0x141, char * Message = 0x00000000 "")+0x46 [c:\ros\reactos-clean\reactos\lib\rtl\assert.c @ 119]
      f31d0b04 f8b8158d fastfat!vfatReleaseFCB_(struct DEVICE_EXTENSION * pVCB = 0xb11760d0, struct _VFATFCB * pFCB = 0xf3c4ce18, char * Function = 0xf8b99cc8 "VfatCloseFile", char * File = 0xf8b99c9c "..\..\drivers\filesystems\fastfat\close.c", int Line = 0x49)+0xbd [c:\ros\reactos-clean\reactos\drivers\filesystems\fastfat\fcb.c @ 321]
      f31d0b30 f8b8167d fastfat!VfatCloseFile(struct DEVICE_EXTENSION * DeviceExt = 0xb11760d0, struct _FILE_OBJECT * FileObject = 0xb0fdc4c8)+0x17d [c:\ros\reactos-clean\reactos\drivers\filesystems\fastfat\close.c @ 73]
      f31d0b48 f8b92ea0 fastfat!VfatClose(struct VFAT_IRP_CONTEXT * IrpContext = 0xb114b7e0)+0x9d [c:\ros\reactos-clean\reactos\drivers\filesystems\fastfat\close.c @ 116]
      f31d0b64 f8b92da8 fastfat!VfatDispatchRequest(struct VFAT_IRP_CONTEXT * IrpContext = 0xb114b7e0)+0xc0 [c:\ros\reactos-clean\reactos\drivers\filesystems\fastfat\misc.c @ 119]
      f31d0b84 80486440 fastfat!VfatBuildRequest(struct _DEVICE_OBJECT * DeviceObject = 0xb1176018, struct _IRP * Irp = 0xb0ffdd18)+0xf8 [c:\ros\reactos-clean\reactos\drivers\filesystems\fastfat\misc.c @ 181]
      f31d0bac 8047739f nt!IofCallDriver(struct _DEVICE_OBJECT * DeviceObject = 0xb1176018, struct _IRP * Irp = 0xb0ffdd18)+0xc0 [c:\ros\reactos-clean\reactos\ntoskrnl\io\iomgr\irp.c @ 1208]
      f31d0bf8 8050541b nt!IopDeleteFile(void * ObjectBody = 0xb0fdc4c8)+0x1df [c:\ros\reactos-clean\reactos\ntoskrnl\io\iomgr\file.c @ 1015]
      f31d0c2c 8050a30d nt!ObpDeleteObject(void * Object = 0xb0fdc4c8, unsigned char CalledFromWorkerThread = 0x00 '')+0x1db [c:\ros\reactos-clean\reactos\ntoskrnl\ob\oblife.c @ 211]
      f31d0c4c 80500da8 nt!ObfDereferenceObject(void * Object = 0xb0fdc4c8)+0xcd [c:\ros\reactos-clean\reactos\ntoskrnl\ob\obref.c @ 239]
      f31d0c74 80502054 nt!ObpCloseHandleTableEntry(struct _HANDLE_TABLE * HandleTable = 0xe1b88640, struct _HANDLE_TABLE_ENTRY * HandleEntry = 0xe1b8e070, void * Handle = 0x00000038, char AccessMode = 0n1 '', unsigned char IgnoreHandleProtection = 0x00 '')+0x1e8 [c:\ros\reactos-clean\reactos\ntoskrnl\ob\obhandle.c @ 759]
      f31d0cf0 80503d45 nt!ObpCloseHandle(void * Handle = 0x00000038, char AccessMode = 0n1 '')+0x1c4 [c:\ros\reactos-clean\reactos\ntoskrnl\ob\obhandle.c @ 1749]
      f31d0d00 8053fcb9 nt!NtClose(void * Handle = 0x00000038)+0x15 [c:\ros\reactos-clean\reactos\ntoskrnl\ob\obhandle.c @ 3298]
      f31d0d14 8053f7cd nt!KiSystemCallTrampoline(void * Handler = 0x80503d30, void * Arguments = 0x0012f9f0, unsigned long StackBytes = 4)+0x19 [c:\ros\reactos-clean\reactos\ntoskrnl\include\internal\i386\ke.h @ 725]
      f31d0d5c 80403e03 nt!KiSystemServiceHandler(struct _KTRAP_FRAME * TrapFrame = 0xf31d0d64, void * Arguments = 0x0012f9f0)+0x23d [c:\ros\reactos-clean\reactos\ntoskrnl\ke\i386\traphdlr.c @ 1707]
      f31d0d5c 7c92fbce nt!KiFastCallEntry+0x8c
      0012f9e4 7c95a951 ntdll!KiFastSystemCallRet
      0012f9e8 77db7994 ntdll!ZwClose+0xc
      0012faa8 77db739f kernel32!RemoveDirectoryW(wchar_t * lpPathName = 0x7ffdfc00 ".\testdir\test.txt")+0x5d4 [c:\ros\reactos-clean\reactos\dll\win32\kernel32\client\file\dir.c @ 973]
      0012fab8 0043c0eb kernel32!RemoveDirectoryA(char * lpPathName = 0x004947e8 ".\testdir\test.txt")+0x2f [c:\ros\reactos-clean\reactos\dll\win32\kernel32\client\file\dir.c @ 752]
      0012fac4 0043d033 shell32_winetest!Cleanup(void)+0x2b [c:\ros\reactos-clean\reactos\modules\rostests\winetests\shell32\shlfolder.c @ 353]
      0012fe1c 004375b3 shell32_winetest!test_EnumObjects_and_CompareIDs(void)+0x223 [c:\ros\reactos-clean\reactos\modules\rostests\winetests\shell32\shlfolder.c @ 1387]
      0012fe24 00454074 shell32_winetest!func_shlfolder(void)+0x23 [c:\ros\reactos-clean\reactos\modules\rostests\winetests\shell32\shlfolder.c @ 4749]
      0012fe40 00453f08 shell32_winetest!run_test(char * name = 0x00131fe8 "shlfolder")+0xa4 [c:\ros\reactos-clean\reactos\include\reactos\wine\test.h @ 615]
      0012fedc 00454e3c shell32_winetest!main(int argc = 2, char ** argv = 0x001377b0)+0x188 [c:\ros\reactos-clean\reactos\include\reactos\wine\test.h @ 671]
      0012ffb4 00454b76 shell32_winetest!__tmainCRTStartup(void)+0x2ac [c:\ros\reactos-clean\reactos\lib\sdk\crt\startup\crtexe.c @ 310]
      0012ffc0 77d93909 shell32_winetest!mainCRTStartup(void)+0x26 [c:\ros\reactos-clean\reactos\lib\sdk\crt\startup\crtexe.c @ 196]
      0012fff0 00000000 kernel32!BaseProcessStartup(<function> * lpStartAddress = 0x00454b50)+0x69 [c:\ros\reactos-clean\reactos\dll\win32\kernel32\client\proc.c @ 478]
      kd> ?? pFCB
      struct _VFATFCB * 0xf3c4ce18
         +0x000 RFCB             : _FSRTL_COMMON_FCB_HEADER
         +0x028 SectionObjectPointers : _SECTION_OBJECT_POINTERS
         +0x034 MainResource     : _ERESOURCE
         +0x06c PagingIoResource : _ERESOURCE
         +0x0a4 entry            : _DIR_ENTRY
         +0x0e4 Attributes       : 0xf3c4cec7  "???"
         +0x0e8 LongNameU        : _UNICODE_STRING "--- memory read error at address 0xf3c52fec ---"
         +0x0f0 ShortNameU       : _UNICODE_STRING "TEST.TXT"
         +0x0f8 DirNameU         : _UNICODE_STRING "--- memory read error at address 0xf3c52fb8 ---"
         +0x100 PathNameU        : _UNICODE_STRING "--- memory read error at address 0xf3c52fb8 ---"
         +0x108 PathNameBuffer   : 0xf3c52fb8  -> ??
         +0x10c ShortNameBuffer  : [13]  "TEST.TXT"
         +0x128 RefCount         : 0
         +0x12c FcbListEntry     : _LIST_ENTRY [ 0xf3c64f44 - 0xf3afcf44 ]
         +0x134 parentFcb        : 0xf3afce18 _VFATFCB
         +0x138 Flags            : 3
         +0x13c FileObject       : (null) 
         +0x140 dirIndex         : 2
         +0x144 startIndex       : 2
         +0x148 FCBShareAccess   : _SHARE_ACCESS
         +0x164 OpenHandleCount  : 0
         +0x168 Hash             : _HASHENTRY
         +0x174 ShortHash        : _HASHENTRY
         +0x180 FileLock         : _FILE_LOCK
         +0x1c0 LastMutex        : _FAST_MUTEX
         +0x1e0 LastCluster      : 0x3cefc
         +0x1e4 LastOffset       : 0

      cc Pierre Schweitzer

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ThFabba ThFabba
                Reporter:
                ThFabba ThFabba
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: