[0.4.13][NTOS][WIN32SS] Fix double free in ObCreateObject

Backport the following commits:
0.4.15-dev-6401-g 53b30e3f3b [NTOSKRNL][NTGDI] Formatting addendum, no functional change
0.4.15-dev-5487-g e7bbbf049e [NTOS] Fix double free on allocation failure in ObCreateObject

Just for verifying that the size didn't increase anywhere:

ntoskrnl.exe GCC8.4.0dbg RosBEWin2.2.2 master               5.124.096
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.14  4.413.440 -> 4.413.440
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.13  4.367.360 -> 4.367.360
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.12  4.377.600 -> 4.377.600
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.11  4.377.088 -> 4.377.088
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4.10  4.344.320 -> 4.344.320
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  4.311.552 -> 4.311.552
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  4.296.704 -> 4.296.704
ntoskrnl.exe GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  4.231.168 -> 4.231.168

udfs.sys     GCC8.4.0dbg RosBEWin2.2.2 master             835.584
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.14  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.13  745.472 -> 745.472
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.12  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.11  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4.10  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  749.568 -> 749.568
udfs.sys     GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  749.568 -> 749.568

user32.dll   GCC8.4.0dbg RosBEWin2.2.2 master               1.585.152
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  1.448.448 -> 1.448.448
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  1.445.376 -> 1.445.376
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  1.455.616 -> 1.455.616
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  1.453.056 -> 1.453.056
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  1.434.624 -> 1.434.624
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  1.422.336 -> 1.422.336
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  1.421.824 -> 1.421.824
user32.dll   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  1.418.752 -> 1.418.752

win32k.sys   GCC8.4.0dbg RosBEWin2.2.2 master               3.477.504
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.14  2.904.064 -> 2.904.064
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.13  2.895.872 -> 2.895.872
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.12  2.887.680 -> 2.887.680
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.11  2.867.200 -> 2.867.200
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4.10  2.863.104 -> 2.863.104
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 9  2.834.432 -> 2.834.432
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 8  2.830.336 -> 2.830.336
win32k.sys   GCC4.7.2dbg RosBEWin2.1.6 0.4. 7  2.830.336 -> 2.830.336
Joachim Henze 2023-08-02 00:33:27 +02:00
parent 866a12fe3c
commit 4a6b865483
3 changed files with 11 additions and 21 deletions


@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS Kernel
* LICENSE: BSD - See COPYING.ARM in the top level directory
* FILE: ntoskrnl/config/cmsysini.c
* PURPOSE: Configuration Manager - System Initialization Code
* PROGRAMMERS: ReactOS Portable Systems Group
* Alex Ionescu (alex.ionescu@reactos.org)
@ -873,7 +872,6 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
UNICODE_STRING KeyName;
PCMHIVE SystemHive = NULL;
PSECURITY_DESCRIPTOR SecurityDescriptor;
BOOLEAN Success;
PAGED_CODE();
@ -921,12 +919,8 @@ CmpInitializeSystemHive(IN PLOADER_PARAMETER_BLOCK LoaderBlock)
}
/* Set the hive filename */
Success = RtlCreateUnicodeString(&SystemHive->FileFullPath,
L"\\SystemRoot\\System32\\Config\\SYSTEM");
if (!Success)
{
if (!RtlCreateUnicodeString(&SystemHive->FileFullPath, L"\\SystemRoot\\System32\\Config\\SYSTEM"))
return FALSE;
}
/* Manually set the hive as volatile, if in Live CD mode */
if (HiveBase && CmpShareSystemHives)
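Review bot: The rewritten check in CmpInitializeSystemHive puts `return FALSE;` on its own line under an unbraced `if` whose condition is now one very long line, so a statement added next to the return later would silently fall outside the condition. I would keep the braces and the two-line call from the removed version: `if (!RtlCreateUnicodeString(&SystemHive->FileFullPath,` / `L"\\SystemRoot\\System32\\Config\\SYSTEM"))` followed by `{ return FALSE; }`. The function body starts and ends outside the hunk.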


@ -872,10 +872,11 @@ ObpAllocateObject(IN POBJECT_CREATE_INFORMATION ObjectCreateInfo,
NTSTATUS
NTAPI
ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
ObQueryTypeInfo(
IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength)
{
NTSTATUS Status = STATUS_SUCCESS;
PWSTR InfoBuffer;
@ -887,7 +888,7 @@ ObQueryTypeInfo(IN POBJECT_TYPE ObjectType,
*ReturnLength += sizeof(*ObjectTypeInfo) +
ALIGN_UP(ObjectType->Name.MaximumLength, ULONG);
/* Check if thats too much though. */
/* Check if that is too much */
if (Length < *ReturnLength)
{
_SEH2_YIELD(return STATUS_INFO_LENGTH_MISMATCH);
@ -1036,6 +1037,7 @@ ObCreateObject(IN KPROCESSOR_MODE ProbeMode OPTIONAL,
/* Release the Capture Info, we don't need it */
ObpFreeObjectCreateInformation(ObjectCreateInfo);
if (ObjectName.Buffer) ObpFreeObjectNameBuffer(&ObjectName);
return Status;
}
/* We failed, so release the Buffer */
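Review bot: Nothing at the `return Status;` after `ObpFreeObjectNameBuffer(&ObjectName)` says why it must stay, although it appears to be the one line this hunk adds and the commit title ties it to the double free. Without it, the path that has already called `ObpFreeObjectCreateInformation(ObjectCreateInfo)` would run on into the cleanup under `/* We failed, so release the Buffer */`, which presumably releases the same capture buffer again; that cleanup is outside the hunk, so confirm against the full function. I would add `/* Return now: the create info is already released; falling through would release it a second time */` directly above the return. ObCreateObject starts and ends outside the hunk.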


@ -1,7 +1,6 @@
/*
* PROJECT: ReactOS win32 kernel mode subsystem
* LICENSE: GPL - See COPYING in the top level directory
* FILE: win32ss/gdi/ntgdi/freetype.c
* PURPOSE: FreeType font engine interface
* PROGRAMMERS: Copyright 2001 Huw D M Davies for CodeWeavers.
* Copyright 2006 Dmitry Timoshkov for CodeWeavers.
@ -520,7 +519,6 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
BYTE CharSets[FONTSUBST_FROM_AND_TO];
LPWSTR pch;
PFONTSUBST_ENTRY pEntry;
BOOLEAN Success;
/* the FontSubstitutes registry key */
static UNICODE_STRING FontSubstKey =
@ -565,8 +563,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
Length = pInfo->NameLength / sizeof(WCHAR);
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
Success = RtlCreateUnicodeString(&FromW, pInfo->Name);
if (!Success)
if (!RtlCreateUnicodeString(&FromW, pInfo->Name))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");
@ -588,8 +585,7 @@ IntLoadFontSubstList(PLIST_ENTRY pHead)
pch = (LPWSTR)((PUCHAR)pInfo + pInfo->DataOffset);
Length = pInfo->DataLength / sizeof(WCHAR);
pch[Length] = UNICODE_NULL; /* truncate */
Success = RtlCreateUnicodeString(&ToW, pch);
if (!Success)
if (!RtlCreateUnicodeString(&ToW, pch))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT("RtlCreateUnicodeString failed\n");
@ -1692,7 +1688,6 @@ IntLoadFontsInRegistry(VOID)
LPBYTE InfoBuffer;
PKEY_VALUE_FULL_INFORMATION pInfo;
LPWSTR pchPath;
BOOLEAN Success;
WCHAR szPath[MAX_PATH];
INT nFontCount = 0;
DWORD dwFlags;
@ -1759,8 +1754,7 @@ IntLoadFontsInRegistry(VOID)
pInfo = (PKEY_VALUE_FULL_INFORMATION)InfoBuffer;
Length = pInfo->NameLength / sizeof(WCHAR);
pInfo->Name[Length] = UNICODE_NULL; /* truncate */
Success = RtlCreateUnicodeString(&FontTitleW, pInfo->Name);
if (!Success)
if (!RtlCreateUnicodeString(&FontTitleW, pInfo->Name))
{
Status = STATUS_INSUFFICIENT_RESOURCES;
DPRINT1("RtlCreateUnicodeString failed\n");
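Review bot: The in-place terminators beside the rewritten checks, `pInfo->Name[Length] = UNICODE_NULL;` (in IntLoadFontSubstList and IntLoadFontsInRegistry) and `pch[Length] = UNICODE_NULL;`, write one WCHAR past the name or data length reported for the registry value, and none of the hunks shows a check that InfoBuffer has room for it. The allocation and the query call are outside the hunks, so this may already be covered; if it is not, a value that exactly fills the buffer puts the write past its end. I would bound-check before each write, or at least record the requirement with `/* InfoBuffer must leave sizeof(WCHAR) spare after the name/data for this terminator */`. Both functions start and end outside the hunks.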