Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-06 10:52:59 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MOUNTMGR] MountMgrMountedDeviceArrival(): Fix pool buffer double-free.

Browse source 
`DeviceInformation->DeviceName.Buffer` was already freed via the previous
  `FreePool(TargetDeviceName.Buffer);` call,
since `DeviceInformation->DeviceName` was set to `TargetDeviceName` above
in the code. This resulted in a pool double-free, triggering a corruption
of the pool, and a BSoD.

What had to be freed instead, is `DeviceInformation->SymbolicName.Buffer`
that is allocated at the beginning of the function.
This commit is contained in:
Hermès Bélusca-Maïto 2025-01-28 14:45:15 +01:00
parent 5962c44511
commit 8d91d4c8e1
No known key found for this signature in database
GPG key ID: 3B2539C65E7B93D0
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
drivers/storage/mountmgr/mountmgr.c
View file

@ -995,7 +995,7 @@ MountMgrMountedDeviceArrival(IN PDEVICE_EXTENSION DeviceExtension,
FreePool(UniqueId);
FreePool(TargetDeviceName.Buffer);
FreePool(DeviceInformation->DeviceName.Buffer);
FreePool(DeviceInformation->SymbolicName.Buffer);
FreePool(DeviceInformation);
KeReleaseSemaphore(&(DeviceExtension->DeviceLock), IO_NO_INCREMENT, 1, FALSE);