From ffd524275e721a192b91cbc65819ee377043eb79 Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer <pierre@reactos.org>
Date: Sun, 25 Mar 2018 18:26:32 +0200
Subject: [PATCH] [NTOSKRNL] Properly delete VACB in CcRosCreateVacb() when
 mapping fails. Spotted by Thomas.

CORE-14478
CORE-14502
---
 ntoskrnl/cc/view.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c
index 9cc45bdb3ed..ba87c5e5103 100644
--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@@ -831,18 +831,20 @@ CcRosCreateVacb (
     }
 #endif
 
+    /* Reference it to allow release */
+    CcRosVacbIncRefCount(current);
+
     Status = CcRosMapVacbInKernelSpace(current);
     if (!NT_SUCCESS(Status))
     {
         RemoveEntryList(&current->CacheMapVacbListEntry);
         RemoveEntryList(&current->VacbLruListEntry);
-        CcRosReleaseVacbLock(current);
+        CcRosReleaseVacb(SharedCacheMap, current, FALSE,
+                         FALSE, FALSE);
+        CcRosVacbDecRefCount(current);
         ExFreeToNPagedLookasideList(&VacbLookasideList, current);
     }
 
-    /* Reference it to allow release */
-    CcRosVacbIncRefCount(current);
-
     return Status;
 }