- Hey Arch, did you know MmpDeleteSection can be called for a Section Object before it is fully set up (when ObDereferenceObject is called before all fields are initialized), and it will now crash due to a bogus, nonintialized Segment/ImageSection pointer? Always zero out the whole buffer to prevent this. Fixes the kernel32 loader Winetest.

svn path=/trunk/; revision=41985
2025-01-06 06:20:13 +00:00 · 2009-07-15 18:35:31 +00:00 · 2009-07-15 18:35:31 +00:00 · 29fa9f1dd8
commit 29fa9f1dd8
parent 3989bd4e3c
1 changed files with 3 additions and 10 deletions
--- a/reactos/ntoskrnl/mm/section.c
+++ b/reactos/ntoskrnl/mm/section.c
@ -2375,12 +2375,9 @@ MmCreatePageFileSection(PROS_SECTION_OBJECT *SectionObject,
   /*
    * Initialize it
    */
-   Section->Type = 0;
-   Section->Size = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
   Section->SectionPageProtection = SectionPageProtection;
   Section->AllocationAttributes = AllocationAttributes;
-   Section->Segment = NULL;
-   Section->FileObject = NULL;
   Section->MaximumSize = MaximumSize;
   Segment = ExAllocatePoolWithTag(NonPagedPool, sizeof(MM_SECTION_SEGMENT),
                                   TAG_MM_SECTION_SEGMENT);
@ -2449,11 +2446,9 @@ MmCreateDataFileSection(PROS_SECTION_OBJECT *SectionObject,
   /*
    * Initialize it
    */
-   Section->Type = 0;
-   Section->Size = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
   Section->SectionPageProtection = SectionPageProtection;
   Section->AllocationAttributes = AllocationAttributes;
-   Section->Segment = NULL;

   /*
    * Check file access required
@ -3377,9 +3372,7 @@ MmCreateImageSection(PROS_SECTION_OBJECT *SectionObject,
   /*
    * Initialize it
    */
-   Section->Type = 0;
-   Section->Size = 0;
-   Section->MaximumSize.QuadPart = 0;
+   RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
   Section->SectionPageProtection = SectionPageProtection;
   Section->AllocationAttributes = AllocationAttributes;