projects / reactos.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed a bug in RtlDestroyHeap, that will cause a page fault, if more than one subheap...
[reactos.git] / reactos / lib / ntdll / rtl / heap.c
diff --git a/reactos/lib/ntdll/rtl/heap.c b/reactos/lib/ntdll/rtl/heap.c
index 0504c3c..0dc64b2 100644 (file)
--- a/reactos/lib/ntdll/rtl/heap.c
+++ b/reactos/lib/ntdll/rtl/heap.c
@@ -1046,7 +1046,7 @@ RtlDestroyHeap(HANDLE heap) /* [in] Handle of heap */
 {
     HEAP *heapPtr = HEAP_GetPtr( heap );
     SUBHEAP *subheap;
-    ULONG i;
+    ULONG i, flags;
    
     TRACE("%08x\n", heap );
     if (!heapPtr) return FALSE;
@@ -1064,11 +1064,15 @@ RtlDestroyHeap(HANDLE heap) /* [in] Handle of heap */
    
     RtlDeleteCriticalSection( &heapPtr->critSection );
     subheap = &heapPtr->subheap;
+    // We must save the flags. The first subheap is located after 
+    // the heap structure. If we release the first subheap, 
+    // we release also the heap structure.
+    flags = heapPtr->flags;
     while (subheap)
     {
         SUBHEAP *next = subheap->next;
 
-       if (!(heapPtr->flags & HEAP_NO_VALLOC))
+       if (!(flags & HEAP_NO_VALLOC))
          {
            ULONG dummySize = 0;
            ZwFreeVirtualMemory(NtCurrentProcess(),
A free Windows-compatible Operating System