[NTOS]: Revert the pool tag change from r75128, and explain in comment why we cannot...

author Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>

Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)

committer Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>

Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)
author Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)
committer Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)
diff --git a/reactos/ntoskrnl/ob/oblife.c b/reactos/ntoskrnl/ob/oblife.c

index c37a9c2..3421179 100644 (file)
--- a/reactos/ntoskrnl/ob/oblife.c
+++ b/reactos/ntoskrnl/ob/oblife.c
@@ -351,8 +351,19 @@ ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
      /* We know this is a pool-allocation if the size doesn't match */
      if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
      {
-        /* Free it from the pool */
-        ExFreePoolWithTag(Buffer, OB_NAME_TAG);
+        /*
+         * Free it from the pool.
+         *
+         * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
+         * the object name may have been massaged during operation by different
+         * object parse routines. If the latter ones have to resolve a symbolic
+         * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
+         * the original object name is freed and re-allocated from the pool,
+         * possibly with a different pool tag. At the end of the day, the new
+         * object name can be reallocated and completely different, but we
+         * should still be able to free it!
+         */
+        ExFreePool(Buffer);
      }
      else
      {
author	Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
	Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)
committer	Hermès Bélusca-Maïto <hermes.belusca-maito@reactos.org>
	Mon, 19 Jun 2017 16:29:44 +0000 (16:29 +0000)