From 1a683bbb89ded96283473cf3022242026189698f Mon Sep 17 00:00:00 2001
From: Thomas Faber
Date: Mon, 28 Jan 2013 18:27:21 +0000
Subject: [PATCH] [NTOSKRNL:MM] - Add a DPRINT with more info to the 'Hash == TableMask' assertion - Validate pool tags on free also for big allocations - Validate pool tag earlier, before tracking the free operation CORE-6929

svn path=/trunk/; revision=58246
---
 reactos/ntoskrnl/mm/ARM3/expool.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

diff --git a/reactos/ntoskrnl/mm/ARM3/expool.c b/reactos/ntoskrnl/mm/ARM3/expool.c
index 1f978f1e745..73a4a8146fe 100644
--- a/reactos/ntoskrnl/mm/ARM3/expool.c
+++ b/reactos/ntoskrnl/mm/ARM3/expool.c
@@ -570,7 +570,12 @@ ExpRemovePoolTracker(IN ULONG Key,
 // We should have only ended up with an empty entry if we've reached
 // the last bucket
 //
- if (!TableEntry->Key) ASSERT(Hash == TableMask);
+ if (!TableEntry->Key)
+ {
+ DPRINT1("Empty item reached in tracker table. Tag=0x%08lx, NumberOfBytes=%lu, PoolType=%d\n",
+ Key, (ULONG)NumberOfBytes, PoolType);
+ ASSERT(Hash == TableMask);
+ }

 //
 // This path is hit when we don't have an entry, and the current bucket
@@ -2071,6 +2076,15 @@ ExFreePoolWithTag(IN PVOID P,
 Tag &= ~PROTECTED_POOL;
 }

+ //
+ // Check block tag
+ //
+ if (TagToFree && TagToFree != Tag)
+ {
+ DPRINT1("Freeing pool - invalid tag specified: %.4s != %.4s\n", (char*)&TagToFree, (char*)&Tag);
+ KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree);
+ }
+
 //
 // We have our tag and our page count, so we can go ahead and remove this
 // tracker now
@@ -2143,13 +2157,6 @@ ExFreePoolWithTag(IN PVOID P,
 Tag = Entry->PoolTag;
 if (Tag & PROTECTED_POOL) Tag &= ~PROTECTED_POOL;

- //
- // Stop tracking this allocation
- //
- ExpRemovePoolTracker(Tag,
- BlockSize * POOL_BLOCK_SIZE,
- Entry->PoolType - 1);
-
 //
 // Check block tag
 //
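Review bot: The new DPRINT1 in ExpRemovePoolTracker runs for every empty entry, including the case where `Hash == TableMask` holds and the assertion passes, so the log line does not separate the expected last-bucket case from the unexpected one. If only the failing case matters, guard the print with `if (Hash != TableMask)` and keep the ASSERT after it. The `(ULONG)NumberOfBytes` cast would truncate the size on 64-bit builds if NumberOfBytes is a SIZE_T (its declaration is outside the hunk). The tag is printed as hex here, while ExFreePoolWithTag prints tags with `%.4s`; using one form in both places makes the two messages easier to correlate when triaging a bad free. The function body continues outside the hunk.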
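Review bot: The check added to the big-allocation path of ExFreePoolWithTag compares `TagToFree` with a `Tag` whose PROTECTED_POOL bit was cleared on the context line just above, so a caller that passes a tag with that bit set can never match and ends in `KeBugCheckEx(BAD_POOL_CALLER, 0x0A, ...)`. Unless `TagToFree` is normalised earlier in the function (not visible in this hunk), the comparison should ignore the bit on both sides, for example `if (TagToFree && (TagToFree & ~PROTECTED_POOL) != Tag)`. The small-block check, whose tail appears as context in the last hunk, presumably uses the same condition and would need the same change. The check block now exists in both paths, so a small static helper would keep the two copies from drifting apart.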
@@ -2159,6 +2166,13 @@ ExFreePoolWithTag(IN PVOID P,
 KeBugCheckEx(BAD_POOL_CALLER, 0x0A, (ULONG_PTR)P, Tag, TagToFree);
 }

+ //
+ // Track the removal of this allocation
+ //
+ ExpRemovePoolTracker(Tag,
+ BlockSize * POOL_BLOCK_SIZE,
+ Entry->PoolType - 1);
+
 //
 // Is this allocation small enough to have come from a lookaside list?
 //
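Review bot: The comment `// Track the removal of this allocation` does not say why the call now sits after the tag check, which is the whole point of the move. A wording such as `// Tag was validated above; update the tracker only now so a mismatched free bugchecks before accounting changes` would keep a later cleanup from reordering the two blocks again. `Entry->PoolType - 1` also relies on PoolType being non-zero for a block being freed; whether that is verified earlier in ExFreePoolWithTag is outside the hunk.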