From 29fa9f1dd8e005c901a3e38bd238dad39c0c38c2 Mon Sep 17 00:00:00 2001
From: Stefan Ginsberg
Date: Wed, 15 Jul 2009 18:35:31 +0000
Subject: [PATCH] - Hey Arch, did you know MmpDeleteSection can be called for a Section Object before it is fully set up (when ObDereferenceObject is called before all fields are initialized), and it will now crash due to a bogus, nonintialized Segment/ImageSection pointer? Always zero out the whole buffer to prevent this. Fixes the kernel32 loader Winetest. svn path=/trunk/; revision=41985
---
 reactos/ntoskrnl/mm/section.c | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)
diff --git a/reactos/ntoskrnl/mm/section.c b/reactos/ntoskrnl/mm/section.c
index 8bbeaa689ce..d9aedb8b343 100644
--- a/reactos/ntoskrnl/mm/section.c
+++ b/reactos/ntoskrnl/mm/section.c
@@ -2375,12 +2375,9 @@ MmCreatePageFileSection(PROS_SECTION_OBJECT *SectionObject,
 /*
  * Initialize it
  */
- Section->Type = 0;
- Section->Size = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;
- Section->Segment = NULL;
- Section->FileObject = NULL;
 Section->MaximumSize = MaximumSize;
 Segment = ExAllocatePoolWithTag(NonPagedPool, sizeof(MM_SECTION_SEGMENT),
 TAG_MM_SECTION_SEGMENT);
@@ -2449,11 +2446,9 @@ MmCreateDataFileSection(PROS_SECTION_OBJECT *SectionObject,
 /*
  * Initialize it
  */
- Section->Type = 0;
- Section->Size = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;
- Section->Segment = NULL;
 /*
  * Check file access required
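Review bot: `RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));` in the MmCreatePageFileSection hunk spells out the type instead of deriving it from the pointer; `RtlZeroMemory(Section, sizeof(*Section));` cannot drift if the object type behind PROS_SECTION_OBJECT ever changes, and the same applies to the MmCreateDataFileSection and MmCreateImageSection hunks. The zeroing only helps the early-dereference case from the commit message if MmpDeleteSection (not in this diff) treats a NULL Segment/ImageSection as "nothing to release" rather than dereferencing it, which is worth confirming; otherwise the wild pointer becomes a NULL dereference. A short comment above the call, `/* Zero every field first: ObDereferenceObject on a failure path below reaches MmpDeleteSection before Segment is set */`, records why the full-object zeroing must stay immediately after allocation. MmCreatePageFileSection's body continues on both sides of the hunk.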
@@ -3377,9 +3372,7 @@ MmCreateImageSection(PROS_SECTION_OBJECT *SectionObject,
 /*
  * Initialize it
  */
- Section->Type = 0;
- Section->Size = 0;
- Section->MaximumSize.QuadPart = 0;
+ RtlZeroMemory(Section, sizeof(ROS_SECTION_OBJECT));
 Section->SectionPageProtection = SectionPageProtection;
 Section->AllocationAttributes = AllocationAttributes;