[KMTESTS:OB]
authorThomas Faber <thomas.faber@reactos.org>
Wed, 19 Apr 2017 12:21:57 +0000 (12:21 +0000)
committerThomas Faber <thomas.faber@reactos.org>
Wed, 19 Apr 2017 12:21:57 +0000 (12:21 +0000)
- After ObCreateObject+ObInsertObject a handle close is enough to destroy the object, so do not dereference it in addition. Fixes use after free.
CORE-11474

svn path=/trunk/; revision=74375

rostests/kmtests/ntos_ob/ObType.c

index 1ec3e24..73f860f 100644 (file)
@@ -341,9 +341,11 @@ ObtClose(
         if (!skip(ObBody[i] != NULL, "Nothing to dereference\n"))
         {
             if (ObHandle1[i]) CheckObject(ObHandle1[i], 3LU, 1LU);
+            Ret = ObReferenceObject(ObBody[i]);
+            if (ObHandle1[i]) CheckObject(ObHandle1[i], 4LU, 1LU);
             Ret = ObDereferenceObject(ObBody[i]);
-            ok_eq_longptr(Ret, (LONG_PTR)1);
-            if (ObHandle1[i]) CheckObject(ObHandle1[i], 2LU, 1LU);
+            ok_eq_longptr(Ret, (LONG_PTR)2);
+            if (ObHandle1[i]) CheckObject(ObHandle1[i], 3LU, 1LU);
             ObBody[i] = NULL;
         }
         if (!skip(ObHandle1[i] != NULL, "Nothing to close\n"))