Guard the calls to MmProbeAndLockPages and IoPrepareIrpBuffer with an exception frame and do free allocated resources if an exception occurs.

svn path=/trunk/; revision=14418
2024-12-28 01:55:19 +00:00 · 2005-04-01 18:17:47 +00:00 · 2005-04-01 18:17:47 +00:00 · 4ea628ccaa
commit 4ea628ccaa
parent fc9d1af415
1 changed files with 74 additions and 15 deletions
--- a/reactos/ntoskrnl/io/buildirp.c
+++ b/reactos/ntoskrnl/io/buildirp.c
@ -37,7 +37,6 @@ NTSTATUS IoPrepareIrpBuffer(PIRP Irp,
 	  (PVOID)ExAllocatePoolWithTag(NonPagedPool,Length, TAG_SYS_BUF);
 	if (Irp->AssociatedIrp.SystemBuffer==NULL)
 	  {
-	     IoFreeIrp(Irp);
 	     return(STATUS_NOT_IMPLEMENTED);
 	  }
 	/* FIXME: should copy buffer in on other ops */
@ -121,14 +120,35 @@ IoBuildAsynchronousFsdRequest(ULONG MajorFunction,
   StackPtr->FileObject = NULL;
   StackPtr->CompletionRoutine = NULL;

-   if (Buffer != NULL)
+   if (Length > 0)
     {
-	IoPrepareIrpBuffer(Irp,
+        NTSTATUS Status = STATUS_SUCCESS;
+
+        _SEH_FILTER(FreeAndGoOn) 
+	  {
+            IoFreeIrp(Irp);
+            return EXCEPTION_CONTINUE_SEARCH;
+          } 
+	_SEH_TRY_FILTER(FreeAndGoOn) 
+	  {
+	    Status = IoPrepareIrpBuffer(Irp,
 			                DeviceObject,
 			                Buffer,
 			                Length,
 			                MajorFunction);
 	  }
+        _SEH_HANDLE
+	  {
+	    KEBUGCHECK(0);
+	  }
+	_SEH_END;
+
+	if (!NT_SUCCESS(Status))
+	  {
+	    IoFreeIrp(Irp);
+	    return NULL;
+	  }
+     }

   if (MajorFunction == IRP_MJ_READ)
     {
@ -296,8 +316,28 @@ IoBuildDeviceIoControlRequest(ULONG IoControlCode,
 					     FALSE,
 					     FALSE,
 					    Irp);
+	     if (Irp->MdlAddress == NULL)
+	       {
+	         IoFreeIrp(Irp);
+		 return NULL;
+	       }
+
+             _SEH_FILTER(FreeAndGoOn) 
+	       {
+                 IoFreeIrp(Irp);
+                 return EXCEPTION_CONTINUE_SEARCH;
+               } 
+	     _SEH_TRY_FILTER(FreeAndGoOn) 
+	       {
 	         MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoReadAccess);
 	       }
+             _SEH_HANDLE
+	       {
+	         KEBUGCHECK(0);
+	       }
+             _SEH_END;
+
+	  }
 	break;
 	
      case METHOD_OUT_DIRECT:
@ -329,8 +369,27 @@ IoBuildDeviceIoControlRequest(ULONG IoControlCode,
 					     FALSE,
 					     FALSE,
 					    Irp);
+	     if (Irp->MdlAddress == NULL)
+	       {
+	         IoFreeIrp(Irp);
+		 return NULL;
+	       }
+
+             _SEH_FILTER(FreeAndGoOn) 
+	       {
+                 IoFreeIrp(Irp);
+                 return EXCEPTION_CONTINUE_SEARCH;
+               } 
+	     _SEH_TRY_FILTER(FreeAndGoOn) 
+	       {
 	         MmProbeAndLockPages(Irp->MdlAddress,UserMode,IoWriteAccess);
 	       }
+             _SEH_HANDLE
+	       {
+	         KEBUGCHECK(0);
+	       }
+	     _SEH_END;
+	  }
 	break;
 	
      case METHOD_NEITHER: