mirror of
https://github.com/reactos/reactos.git
synced 2024-09-28 13:34:53 +00:00
[0.4.14][NTOS][WIN32SS] Fix double free in ObCreateObject
Backport the following commits: 0.4.15-dev-6401-g53b30e3f3b
[NTOSKRNL][NTGDI] Formatting addendum, no functional change 0.4.15-dev-5487-ge7bbbf049e
[NTOS] Fix double free on allocation failure in ObCreateObject Just for verifying that the size didn't increase anywhere: ntoskrnl.exe GCC8.4.0dbg RosBEWin2.2.2 master 5.124.096 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.14 4.413.440 -> 4.413.440 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.13 4.367.360 -> 4.367.360 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.12 4.377.600 -> 4.377.600 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.11 4.377.088 -> 4.377.088 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.10 4.344.320 -> 4.344.320 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 9 4.311.552 -> 4.311.552 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 8 4.296.704 -> 4.296.704 ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 7 4.231.168 -> 4.231.168 udfs.sys GCC8.4.0dbg RosBEWin2.2.2 master 835.584 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.14 745.472 -> 745.472 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.13 745.472 -> 745.472 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.12 749.568 -> 749.568 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.11 749.568 -> 749.568 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.10 749.568 -> 749.568 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 9 749.568 -> 749.568 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 8 749.568 -> 749.568 udfs.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 7 749.568 -> 749.568 user32.dll GCC8.4.0dbg RosBEWin2.2.2 master 1.585.152 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4.14 1.448.448 -> 1.448.448 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4.13 1.445.376 -> 1.445.376 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4.12 1.455.616 -> 1.455.616 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4.11 1.453.056 -> 1.453.056 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4.10 1.434.624 -> 1.434.624 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4. 9 1.422.336 -> 1.422.336 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4. 8 1.421.824 -> 1.421.824 user32.dll GCC4.7.2dbg RosBEWin2.1.6 0.4. 7 1.418.752 -> 1.418.752 win32k.sys GCC8.4.0dbg RosBEWin2.2.2 master 3.477.504 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.14 2.904.064 -> 2.904.064 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.13 2.895.872 -> 2.895.872 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.12 2.887.680 -> 2.887.680 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.11 2.867.200 -> 2.867.200 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4.10 2.863.104 -> 2.863.104 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 9 2.834.432 -> 2.834.432 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 8 2.830.336 -> 2.830.336 win32k.sys GCC4.7.2dbg RosBEWin2.1.6 0.4. 7 2.830.336 -> 2.830.336
This commit is contained in:
parent
8e573e8dac
commit
3617bc9823
|
@ -1,7 +1,6 @@
|
|||
/*
|
||||
* PROJECT: ReactOS Kernel
|
||||
* LICENSE: BSD - See COPYING.ARM in the top level directory
|
||||
* FILE: ntoskrnl/config/cmsysini.c
|
||||
* PURPOSE: Configuration Manager - System Initialization Code
|
||||
* PROGRAMMERS: ReactOS Portable Systems Group
|
||||
* Alex Ionescu (alex.ionescu@reactos.org)
|
||||
|
@ -873,7 +872,6 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
|||
UNICODE_STRING KeyName;
|
||||
PCMHIVE SystemHive = NULL;
|
||||
PSECURITY_DESCRIPTOR SecurityDescriptor;
|
||||
BOOLEAN Success;
|
||||
|
||||
PAGED_CODE();
|
||||
|
||||
|
@ -921,12 +919,8 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
|
|||
}
|
||||
|
||||
/* Set the hive filename */
|
||||
Success = RtlCreateUnicodeString(&SystemHive->FileFullPath,
|
||||
L"\\SystemRoot\\System32\\Config\\SYSTEM");
|
||||
if (!Success)
|
||||
{
|
||||
if (!RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM"))
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Manually set the hive as volatile, if in Live CD mode */
|
||||
if (HiveBase && CmpShareSystemHives)
|
||||
|
|
|
@ -872,10 +872,11 @@ ObpAllocateObject(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
|
|||
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
|
||||
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
|
||||
IN ULONG Length,
|
||||
OUT PULONG ReturnLength)
|
||||
ObQueryTypeInfo(
|
||||
IN POBJECT_TYPE ObjectType,
|
||||
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
|
||||
IN ULONG Length,
|
||||
OUT PULONG ReturnLength)
|
||||
{
|
||||
NTSTATUS Status = STATUS_SUCCESS;
|
||||
PWSTR InfoBuffer;
|
||||
|
@ -887,7 +888,7 @@ ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
|
|||
*ReturnLength += sizeof(*ObjectTypeInfo) +
|
||||
ALIGN_UP(ObjectType->Name.MaximumLength, ULONG);
|
||||
|
||||
/* Check if thats too much though. */
|
||||
/* Check if that is too much */
|
||||
if (Length < *ReturnLength)
|
||||
{
|
||||
_SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
|
||||
|
@ -1036,6 +1037,7 @@ ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL,
|
|||
/* Release the Capture Info, we don't need it */
|
||||
ObpFreeObjectCreateInformation(ObjectCreateInfo);
|
||||
if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
|
||||
return Status;
|
||||
}
|
||||
|
||||
/* We failed, so release the Buffer */
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
/*
|
||||
* PROJECT: ReactOS win32 kernel mode subsystem
|
||||
* LICENSE: GPL - See COPYING in the top level directory
|
||||
* FILE: win32ss/gdi/ntgdi/freetype.c
|
||||
* PURPOSE: FreeType font engine interface
|
||||
* PROGRAMMERS: Copyright 2001 Huw D M Davies for CodeWeavers.
|
||||
* Copyright 2006 Dmitry Timoshkov for CodeWeavers.
|
||||
|
@ -520,7 +519,6 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
|
|||
BYTE CharSets[FONTSUBST_FROM_AND_TO];
|
||||
LPWSTR pch;
|
||||
PFONTSUBST_ENTRY pEntry;
|
||||
BOOLEAN Success;
|
||||
|
||||
/* the FontSubstitutes registry key */
|
||||
static UNICODE_STRING FontSubstKey =
|
||||
|
@ -565,8 +563,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
|
|||
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
|
||||
Length = pInfo->NameLength / sizeof(WCHAR);
|
||||
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
|
||||
Success = RtlCreateUnicodeString(&FromW, pInfo->Name);
|
||||
if (!Success)
|
||||
if (!RtlCreateUnicodeString(&FromW, pInfo->Name))
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
DPRINT("RtlCreateUnicodeString failed\n");
|
||||
|
@ -588,8 +585,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
|
|||
pch = (LPWSTR)((PUCHAR)pInfo + pInfo->DataOffset);
|
||||
Length = pInfo->DataLength / sizeof(WCHAR);
|
||||
pch[Length] = UNICODE_NULL; /* truncate */
|
||||
Success = RtlCreateUnicodeString(&ToW, pch);
|
||||
if (!Success)
|
||||
if (!RtlCreateUnicodeString(&ToW, pch))
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
DPRINT("RtlCreateUnicodeString failed\n");
|
||||
|
@ -1680,7 +1676,6 @@ IntLoadFontsInRegistry(VOID)
|
|||
LPBYTE InfoBuffer;
|
||||
PKEY_VALUE_FULL_INFORMATION pInfo;
|
||||
LPWSTR pchPath;
|
||||
BOOLEAN Success;
|
||||
WCHAR szPath[MAX_PATH];
|
||||
INT nFontCount = 0;
|
||||
DWORD dwFlags;
|
||||
|
@ -1747,8 +1742,7 @@ IntLoadFontsInRegistry(VOID)
|
|||
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
|
||||
Length = pInfo->NameLength / sizeof(WCHAR);
|
||||
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
|
||||
Success = RtlCreateUnicodeString(&FontTitleW, pInfo->Name);
|
||||
if (!Success)
|
||||
if (!RtlCreateUnicodeString(&FontTitleW, pInfo->Name))
|
||||
{
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
DPRINT1("RtlCreateUnicodeString failed\n");
|
||||
|
|
Loading…
Reference in a new issue