/* We know this is a pool-allocation if the size doesn't match */
if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
{
- /* Free it from the pool */
- ExFreePoolWithTag(Buffer, OB_NAME_TAG);
+ /*
+ * Free it from the pool.
+ *
+ * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
+ * the object name may have been massaged during operation by different
+ * object parse routines. If the latter ones have to resolve a symbolic
+ * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
+ * the original object name is freed and re-allocated from the pool,
+ * possibly with a different pool tag. At the end of the day, the new
+ * object name can be reallocated and completely different, but we
+ * should still be able to free it!
+ */
+ ExFreePool(Buffer);
}
else
{