From 9bd26230ddd4f24b2e69ba495c6f6742d90fd9ad Mon Sep 17 00:00:00 2001
From: Johannes Anderwald <johannes.anderwald@reactos.org>
Date: Sat, 3 Jun 2006 12:48:09 +0000
Subject: [PATCH] fix bug in CmiCreateHiveFreeCellList when a cell has size 0
 which leads to inifite loop fix bug in CmiCreateTempHive where only a pointer
 was allocated for the first cell but not object itself

svn path=/trunk/; revision=22192
---
 reactos/ntoskrnl/cm/regfile.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/reactos/ntoskrnl/cm/regfile.c b/reactos/ntoskrnl/cm/regfile.c
index 66a680ff8bf..b5ecab85ac5 100644
--- a/reactos/ntoskrnl/cm/regfile.c
+++ b/reactos/ntoskrnl/cm/regfile.c
@@ -783,10 +783,24 @@ CmiCreateHiveFreeCellList(PREGISTRY_HIVE Hive)
 
 	      FreeOffset += FreeBlock->CellSize;
 	    }
-	  else
+      else if (FreeBlock->CellSize < 0)
 	    {
 	      FreeOffset -= FreeBlock->CellSize;
 	    }
+      else
+	  {
+#ifdef HIVE_CHECK
+         /* Check and eventually fix a hive */
+         Status = CmiCheckAndFixHive(Hive);
+         if (!NT_SUCCESS(Status))
+           {
+             DPRINT1("CmiCheckAndFixHive() failed (Status %lx)\n", Status);
+             return(Status);
+           }
+#else
+		 break;
+#endif
+	  }
 	}
 
       BlockIndex += Bin->BinSize / REG_BLOCK_SIZE;
@@ -1164,7 +1178,7 @@ CmiCreateTempHive(PREGISTRY_HIVE *RegistryHive)
 
   /* Allocate hive block list */
   Hive->BlockList = ExAllocatePool (NonPagedPool,
-				    sizeof(PBLOCK_LIST_ENTRY));
+				    sizeof(BLOCK_LIST_ENTRY));
   if (Hive->BlockList == NULL)
     {
       DPRINT1 ("Failed to allocate hive block list\n");