From: Hermès Bélusca-Maïto Date: Thu, 27 Sep 2012 17:16:31 +0000 (+0000) Subject: [NTOSKRNL] X-Git-Tag: backups/ros-csrss@57560~156 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=572d5fcaeb10e87dac4c981b29d0085cba189591 [NTOSKRNL] Coverity code defects fixes : - Cache: CID 701441 - Config: CIDs 716570, 716669, 716760 - Dbgk: Kdbg: CIDs 716571, 515128/9, 500432 - Ex: CIDs 500156/7, 515122, 716200/67, 701301, 514669 - Fsrtl: Fstub: CIDs 701341/2, 701288, 716770, 701302, and CIDs 716576/7/8 + 514636 + 716805 thanks to Thomas Faber - Io: CIDs 514576, 514643, 514672/3, 716203, 716269, 716581, 716591, 716713 - Ke: CIDs 515125, 716592 - Ps: CIDs 716603/4, 701422 - Ob: Po: CIDs 514671/680, 701419/420/421, 716763, 716601/2 All the details are given in the different bug reports. CORE-6677 CORE-6679 CORE-6680 CORE-6683 CORE-6686 CORE-6692 CORE-6693 CORE-6694 CORE-6695 CORE-6696 #comment Committed in rev.57400 #resolve #close svn path=/trunk/; revision=57400 --- diff --git a/reactos/lib/rtl/atom.c b/reactos/lib/rtl/atom.c index aa09ae71e90..06e131e4b27 100644 --- a/reactos/lib/rtl/atom.c +++ b/reactos/lib/rtl/atom.c @@ -103,6 +103,12 @@ RtlpCheckIntegerAtom(PWSTR AtomName, return TRUE; } + /* + * AtomName cannot be NULL because this + * case was caught by the previous test. + */ + ASSERT(AtomName != NULL); + if (*AtomName != L'#') return FALSE; diff --git a/reactos/ntoskrnl/cache/section/swapout.c b/reactos/ntoskrnl/cache/section/swapout.c index 9c8a969caa0..801acfbb2aa 100644 --- a/reactos/ntoskrnl/cache/section/swapout.c +++ b/reactos/ntoskrnl/cache/section/swapout.c @@ -348,7 +348,7 @@ MmpPageOutPhysicalAddress(PFN_NUMBER Page) PMM_SECTION_SEGMENT Segment = NULL; LARGE_INTEGER FileOffset; PMEMORY_AREA MemoryArea; - PMMSUPPORT AddressSpace = MmGetKernelAddressSpace(); + PMMSUPPORT AddressSpace = NULL; BOOLEAN Dirty = FALSE; PVOID Address = NULL; PEPROCESS Process = NULL; 
@@ -385,7 +385,6 @@ MmpPageOutPhysicalAddress(PFN_NUMBER Page) DPRINT("No segment association for %x\n", Page); } - Dirty = MmIsDirtyPageRmap(Page); DPRINTC("Trying to unmap all instances of %x\n", Page); @@ -409,7 +408,8 @@ MmpPageOutPhysicalAddress(PFN_NUMBER Page) DPRINTC("Process %x Address %x Page %x\n", Process, Address, Page); - if (RMAP_IS_SEGMENT(Address)) { + if (RMAP_IS_SEGMENT(Address)) + { entry = entry->Next; continue; } @@ -440,10 +440,10 @@ MmpPageOutPhysicalAddress(PFN_NUMBER Page) KeBugCheck(MEMORY_MANAGEMENT); } - MmLockAddressSpace(AddressSpace); - do { + MmLockAddressSpace(AddressSpace); + MemoryArea = MmLocateMemoryAreaByAddress(AddressSpace, Address); if (MemoryArea == NULL || MemoryArea->DeleteInProgress) { @@ -505,15 +505,14 @@ MmpPageOutPhysicalAddress(PFN_NUMBER Page) DPRINT1("bail\n"); goto bail; } - else Status = STATUS_MM_RESTART_OPERATION; + else + { + Status = STATUS_MM_RESTART_OPERATION; + } } - - MmLockAddressSpace(AddressSpace); } while (Status == STATUS_MM_RESTART_OPERATION); - MmUnlockAddressSpace(AddressSpace); - if (ProcRef) { ObDereferenceObject(Process); diff --git a/reactos/ntoskrnl/config/cminit.c b/reactos/ntoskrnl/config/cminit.c index 9efde0fe054..bb3e9d58956 100644 --- a/reactos/ntoskrnl/config/cminit.c +++ b/reactos/ntoskrnl/config/cminit.c 
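Review bot: With `MmLockAddressSpace(AddressSpace)` now taken at the top of every `do` iteration (hunk `@@ -440,10 +440,10 @@`) and the `MmUnlockAddressSpace(AddressSpace)` after the loop removed (hunk `@@ -505,15 +505,14 @@`), every way out of the loop body, including the `goto bail` path, must have released the lock itself. Most of the loop body lies outside these hunks, so this cannot be confirmed from here; an exit that leaves the address space locked would stall later page-out attempts, and a double unlock would corrupt the lock state. I would add a comment at the top of the loop stating the invariant, e.g. `/* Lock is taken here and must be released on every exit from this iteration */`. `AddressSpace` now starts as `NULL` (first swapout.c hunk), so it is also worth confirming that it is always assigned before the lock call is reached.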
@@ -116,13 +116,24 @@ CmpInitializeHive(OUT PCMHIVE *RegistryHive, Hive->ViewLock = ExAllocatePoolWithTag(NonPagedPool, sizeof(KGUARDED_MUTEX), TAG_CM); - if (!Hive->ViewLock) return STATUS_INSUFFICIENT_RESOURCES; + if (!Hive->ViewLock) + { + /* Cleanup allocation and fail */ + ExFreePoolWithTag(Hive, TAG_CM); + return STATUS_INSUFFICIENT_RESOURCES; + } /* Allocate the flush lock */ Hive->FlusherLock = ExAllocatePoolWithTag(NonPagedPool, sizeof(ERESOURCE), TAG_CM); - if (!Hive->FlusherLock) return STATUS_INSUFFICIENT_RESOURCES; + if (!Hive->FlusherLock) + { + /* Cleanup allocations and fail */ + ExFreePoolWithTag(Hive->ViewLock, TAG_CM); + ExFreePoolWithTag(Hive, TAG_CM); + return STATUS_INSUFFICIENT_RESOURCES; + } /* Setup the handles */ Hive->FileHandles[HFILE_TYPE_PRIMARY] = Primary; @@ -189,10 +200,10 @@ CmpInitializeHive(OUT PCMHIVE *RegistryHive, (PUNICODE_STRING)FileName); if (!NT_SUCCESS(Status)) { - /* Clear allocations and fail */ - ExFreePool(Hive->ViewLock); - ExFreePool(Hive->FlusherLock); - ExFreePool(Hive); + /* Cleanup allocations and fail */ + ExFreePoolWithTag(Hive->FlusherLock, TAG_CM); + ExFreePoolWithTag(Hive->ViewLock, TAG_CM); + ExFreePoolWithTag(Hive, TAG_CM); return Status; } @@ -205,10 +216,10 @@ CmpInitializeHive(OUT PCMHIVE *RegistryHive, /* Verify integrity */ if (CmCheckRegistry((PCMHIVE)Hive, TRUE)) { - /* Free all alocations */ - ExFreePool(Hive->ViewLock); - ExFreePool(Hive->FlusherLock); - ExFreePool(Hive); + /* Cleanup allocations and fail */ + ExFreePoolWithTag(Hive->FlusherLock, TAG_CM); + ExFreePoolWithTag(Hive->ViewLock, TAG_CM); + ExFreePoolWithTag(Hive, TAG_CM); return STATUS_REGISTRY_CORRUPT; } } 
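Review bot: The later failure paths in `CmpInitializeHive` (hunks `@@ -189,10 +200,10 @@` and `@@ -205,10 +216,10 @@`) release `Hive->FlusherLock` and `Hive->ViewLock` as plain pool blocks. If the ERESOURCE has already been set up with `ExInitializeResourceLite` by that point, which is not visible in these hunks, it needs `ExDeleteResourceLite(Hive->FlusherLock);` before the free, otherwise the system resource list keeps a pointer into freed pool. The same cleanup sequence now appears four times in this function; a single cleanup label would keep the release order consistent. The function body starts and ends outside the hunks.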
@@ -231,10 +242,10 @@ NTSTATUS NTAPI CmpOpenHiveFiles(IN PCUNICODE_STRING BaseName, IN PCWSTR Extension OPTIONAL, - IN PHANDLE Primary, - IN PHANDLE Log, - IN PULONG PrimaryDisposition, - IN PULONG LogDisposition, + OUT PHANDLE Primary, + OUT PHANDLE Log, + OUT PULONG PrimaryDisposition, + OUT PULONG LogDisposition, IN BOOLEAN CreateAllowed, IN BOOLEAN MarkAsSystemHive, IN BOOLEAN NoBuffering, diff --git a/reactos/ntoskrnl/config/cmparse.c b/reactos/ntoskrnl/config/cmparse.c index 11f5c3b6165..acf5e2416fe 100644 --- a/reactos/ntoskrnl/config/cmparse.c +++ b/reactos/ntoskrnl/config/cmparse.c @@ -136,7 +136,7 @@ CmpGetSymbolicLink(IN PHHIVE Hive, if (Length > 0xFFFF) goto Exit; /* Check if we need a new buffer */ - if (Length > ObjectName->MaximumLength) + if (Length > ObjectName->MaximumLength) { /* We do -- allocate one */ NewBuffer = ExAllocatePoolWithTag(PagedPool, Length, TAG_CM); @@ -334,7 +334,7 @@ CmpDoCreateChild(IN PHHIVE Hive, KeyNode->MaxClassLen = 0; KeyNode->NameLength = CmpCopyName(Hive, KeyNode->Name, Name); if (KeyNode->NameLength < Name->Length) KeyNode->Flags |= KEY_COMP_NAME; - + /* Create the KCB */ Kcb = CmpCreateKeyControlBlock(Hive, *KeyCell, @@ -349,7 +349,7 @@ CmpDoCreateChild(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Quickie; } - + /* Sanity check */ ASSERT(Kcb->RefCount == 1); @@ -357,7 +357,7 @@ CmpDoCreateChild(IN PHHIVE Hive, KeyBody->NotifyBlock = NULL; KeyBody->ProcessID = PsGetCurrentProcessId(); KeyBody->KeyControlBlock = Kcb; - + /* Link it with the KCB */ EnlistKeyBodyWithKCB(KeyBody, 0); @@ -745,7 +745,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, DPRINT1("Invalid link node attempt\n"); return STATUS_ACCESS_DENIED; } - + /* Check if the parent is being deleted */ if (ParentKcb->Delete) { @@ -754,7 +754,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_OBJECT_NAME_NOT_FOUND; goto Exit; } - + /* Allocate a link node */ LinkCell = HvAllocateCell(Hive, FIELD_OFFSET(CM_KEY_NODE, Name) + 
@@ -767,14 +767,14 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Get the key cell */ KeyCell = Context->ChildHive.KeyCell; if (KeyCell != HCELL_NIL) { /* Hive exists! */ ChildCell = KeyCell; - + /* Get the node data */ KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, ChildCell); if (!KeyNode) @@ -784,12 +784,12 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Fill out the data */ KeyNode->Parent = LinkCell; KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE; HvReleaseCell(Context->ChildHive.KeyHive, ChildCell); - + /* Now open the key cell */ KeyNode = (PCM_KEY_NODE)HvGetCell(Context->ChildHive.KeyHive, KeyCell); if (!KeyNode) @@ -799,7 +799,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Open the parent */ Status = CmpDoOpen(Context->ChildHive.KeyHive, KeyCell, @@ -834,13 +834,13 @@ CmpCreateLinkNode(IN PHHIVE Hive, Context->ChildHive.KeyHive->BaseBlock->RootCell = ChildCell; } } - + /* Check if open or create suceeded */ if (NT_SUCCESS(Status)) { /* Mark the cell dirty */ HvMarkCellDirty(Context->ChildHive.KeyHive, ChildCell, FALSE); - + /* Get the key node */ KeyNode = HvGetCell(Context->ChildHive.KeyHive, ChildCell); if (!KeyNode) @@ -850,14 +850,14 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Release it */ HvReleaseCell(Context->ChildHive.KeyHive, ChildCell); - + /* Set the parent and flags */ KeyNode->Parent = LinkCell; KeyNode->Flags |= KEY_HIVE_ENTRY | KEY_NO_DELETE; - + /* Get the link node */ KeyNode = HvGetCell(Hive, LinkCell); if (!KeyNode) @@ -867,7 +867,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Set it up */ KeyNode->Signature = CM_LINK_NODE_SIGNATURE; KeyNode->Flags = KEY_HIVE_EXIT | KEY_NO_DELETE; 
@@ -876,7 +876,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, if (KeyNode->NameLength < Name.Length) KeyNode->Flags |= KEY_COMP_NAME; KeQuerySystemTime(&TimeStamp); KeyNode->LastWriteTime = TimeStamp; - + /* Clear out the rest */ KeyNode->SubKeyCounts[Stable] = 0; KeyNode->SubKeyCounts[Volatile] = 0; @@ -885,12 +885,12 @@ CmpCreateLinkNode(IN PHHIVE Hive, KeyNode->ValueList.Count = 0; KeyNode->ValueList.List = HCELL_NIL; KeyNode->ClassLength = 0; - + /* Reference the root node */ KeyNode->ChildHiveReference.KeyHive = Context->ChildHive.KeyHive; KeyNode->ChildHiveReference.KeyCell = ChildCell; HvReleaseCell(Hive, LinkCell); - + /* Get the parent node */ KeyNode = HvGetCell(Hive, Cell); if (!KeyNode) @@ -900,14 +900,14 @@ CmpCreateLinkNode(IN PHHIVE Hive, Status = STATUS_INSUFFICIENT_RESOURCES; goto Exit; } - + /* Now add the subkey */ if (!CmpAddSubKey(Hive, Cell, LinkCell)) { /* Failure! We don't handle this yet! */ ASSERT(FALSE); } - + /* Get the key body */ KeyBody = (PCM_KEY_BODY)*Object; @@ -915,12 +915,12 @@ CmpCreateLinkNode(IN PHHIVE Hive, ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyCell == Cell); ASSERT(KeyBody->KeyControlBlock->ParentKcb->KeyHive == Hive); ASSERT(KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen == KeyNode->MaxNameLen); - + /* Update the timestamp */ KeQuerySystemTime(&TimeStamp); KeyNode->LastWriteTime = TimeStamp; KeyBody->KeyControlBlock->ParentKcb->KcbLastWriteTime = TimeStamp; - + /* Check if we need to update name maximum */ if (KeyNode->MaxNameLen < Name.Length) { @@ -928,14 +928,14 @@ CmpCreateLinkNode(IN PHHIVE Hive, KeyNode->MaxNameLen = Name.Length; KeyBody->KeyControlBlock->ParentKcb->KcbMaxNameLen = Name.Length; } - + /* Check if we need toupdate class length maximum */ if (KeyNode->MaxClassLen < Context->Class.Length) { /* Update it */ KeyNode->MaxClassLen = Context->Class.Length; } - + /* Release the cell */ HvReleaseCell(Hive, Cell); } 
@@ -944,7 +944,7 @@ CmpCreateLinkNode(IN PHHIVE Hive, /* Release the link cell */ HvReleaseCell(Hive, LinkCell); } - + Exit: /* Release the flusher locks and return status */ return Status; @@ -965,11 +965,11 @@ CmpHandleExitNode(IN OUT PHHIVE *Hive, ASSERT(*ReleaseHive != NULL); HvReleaseCell((*ReleaseHive), *ReleaseCell); } - + /* Get the link references */ *Hive = (*KeyNode)->ChildHiveReference.KeyHive; *Cell = (*KeyNode)->ChildHiveReference.KeyCell; - + /* Get the new node */ *KeyNode = (PCM_KEY_NODE)HvGetCell((*Hive), *Cell); if (*KeyNode) @@ -1004,10 +1004,10 @@ CmpBuildHashStackAndLookupCache(IN PCM_KEY_BODY ParseObject, /* Calculate hash values */ *TotalRemainingSubkeys = 0xBAADF00D; - + /* Lock the registry */ CmpLockRegistry(); - + /* Return hive and cell data */ *Hive = (*Kcb)->KeyHive; *Cell = (*Kcb)->KeyCell; @@ -1060,7 +1060,7 @@ CmpParseKey(IN PVOID ParseObject, /* Fail if this isn't a key object */ if (ObjectType != CmpKeyObjectType) return STATUS_OBJECT_TYPE_MISMATCH; - + /* Copy the remaining name */ Current = *RemainingName; @@ -1070,10 +1070,13 @@ CmpParseKey(IN PVOID ParseObject, /* It isn't, so no context */ ParseContext = NULL; } - + /* Grab the KCB */ Kcb = ((PCM_KEY_BODY)ParseObject)->KeyControlBlock; + /* Sanity check */ + ASSERT(Kcb != NULL); + /* Fail if the key was marked as deleted */ if (Kcb->Delete) return STATUS_KEY_DELETED; @@ -1089,10 +1092,13 @@ CmpParseKey(IN PVOID ParseObject, &TotalSubkeys, NULL, &LockedKcbs); - + /* This is now the parent */ ParentKcb = Kcb; - + + /* Sanity check */ + ASSERT(ParentKcb != NULL); + /* Check if everything was found cached */ if (!TotalRemainingSubkeys) ASSERTMSG("Caching not implemented", FALSE); @@ -1127,7 +1133,7 @@ CmpParseKey(IN PVOID ParseObject, goto Quickie; } Current.MaximumLength += NextName.MaximumLength; - + /* Parse the symlink */ if (CmpGetSymbolicLink(Hive, CompleteName, 
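Review bot: `ASSERT(Kcb != NULL)` in the `@@ -1070,10 +1070,13 @@` hunk of `CmpParseKey` only protects checked builds; in a free build the following `if (Kcb->Delete)` still dereferences whatever the key body holds. If a NULL `KeyControlBlock` is considered reachable, an explicit `if (!Kcb) return <status>;` is needed; if it is not reachable, the comment should say which invariant guarantees that rather than just `/* Sanity check */`. The second `ASSERT(ParentKcb != NULL)` in the `@@ -1089,10 +1092,13 @@` hunk tests the same pointer after it has already been dereferenced, so it adds no protection. `CmpParseKey` continues outside both hunks.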
@@ -1146,7 +1152,7 @@ CmpParseKey(IN PVOID ParseObject, /* We're done */ goto Quickie; } - + /* Get the key node */ Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell); if (!Node) @@ -1174,7 +1180,7 @@ CmpParseKey(IN PVOID ParseObject, Cell = NextCell; Node = (PCM_KEY_NODE)HvGetCell(Hive, Cell); if (!Node) ASSERT(FALSE); - + /* Check if this was the last key */ if (Last) { @@ -1189,7 +1195,7 @@ CmpParseKey(IN PVOID ParseObject, &CellToRelease); if (!Node) ASSERT(FALSE); } - + /* Do the open */ Status = CmpDoOpen(Hive, Cell, @@ -1214,11 +1220,11 @@ CmpParseKey(IN PVOID ParseObject, Status = STATUS_OBJECT_NAME_NOT_FOUND; } } - + /* We are done */ break; } - + /* Is this an exit node */ if (Node->Flags & KEY_HIVE_EXIT) { @@ -1239,7 +1245,7 @@ CmpParseKey(IN PVOID ParseObject, 0, &NextName); if (!Kcb) ASSERT(FALSE); - + /* Dereference the parent and set the new one */ CmpDereferenceKeyControlBlock(ParentKcb); ParentKcb = Kcb; @@ -1275,7 +1281,7 @@ CmpParseKey(IN PVOID ParseObject, ParentKcb, Object); } - + /* Check for reparse (in this case, someone beat us) */ if (Status == STATUS_REPARSE) break; @@ -1295,7 +1301,7 @@ CmpParseKey(IN PVOID ParseObject, { /* Save the next name */ Current.Buffer = NextName.Buffer; - + /* Validate the current name string length */ if (Current.Length + NextName.Length > MAXUSHORT) { @@ -1304,7 +1310,7 @@ CmpParseKey(IN PVOID ParseObject, break; } Current.Length += NextName.Length; - + /* Validate the current name string maximum length */ if (Current.MaximumLength + NextName.MaximumLength > MAXUSHORT) { @@ -1313,7 +1319,7 @@ CmpParseKey(IN PVOID ParseObject, break; } Current.MaximumLength += NextName.MaximumLength; - + /* Parse the symlink */ if (CmpGetSymbolicLink(Hive, CompleteName, @@ -1363,7 +1369,7 @@ CmpParseKey(IN PVOID ParseObject, { /* Nothing to do */ } - + /* We're done */ break; } 
@@ -1378,7 +1384,7 @@ CmpParseKey(IN PVOID ParseObject, /* Dereference the parent if it exists */ Quickie: if (ParentKcb) CmpDereferenceKeyControlBlock(ParentKcb); - + /* Unlock the registry */ CmpUnlockRegistry(); return Status; diff --git a/reactos/ntoskrnl/config/cmsysini.c b/reactos/ntoskrnl/config/cmsysini.c index 4cd9165df2a..d917dfbd6b9 100644 --- a/reactos/ntoskrnl/config/cmsysini.c +++ b/reactos/ntoskrnl/config/cmsysini.c @@ -1104,7 +1104,7 @@ CmpLoadHiveThread(IN PVOID StartContext) //ULONG RegStart; ULONG PrimaryDisposition, SecondaryDisposition, ClusterSize; PCMHIVE CmHive; - HANDLE PrimaryHandle, LogHandle; + HANDLE PrimaryHandle = NULL, LogHandle = NULL; NTSTATUS Status = STATUS_SUCCESS; PVOID ErrorParameters; PAGED_CODE(); diff --git a/reactos/ntoskrnl/dbgk/dbgkobj.c b/reactos/ntoskrnl/dbgk/dbgkobj.c index 08bf5a82fc4..cdf081f4192 100644 --- a/reactos/ntoskrnl/dbgk/dbgkobj.c +++ b/reactos/ntoskrnl/dbgk/dbgkobj.c @@ -192,7 +192,7 @@ DbgkpQueueMessage(IN PEPROCESS Process, ObDereferenceObject(Process); /* Free the debug event */ - ExFreePool(DebugEvent); + ExFreePoolWithTag(DebugEvent, 'EgbD'); } } @@ -418,7 +418,7 @@ DbgkpFreeDebugEvent(IN PDEBUG_EVENT DebugEvent) /* Dereference process and thread and free the event */ ObDereferenceObject(DebugEvent->Process); ObDereferenceObject(DebugEvent->Thread); - ExFreePool(DebugEvent); + ExFreePoolWithTag(DebugEvent, 'EgbD'); } VOID diff --git a/reactos/ntoskrnl/ex/init.c b/reactos/ntoskrnl/ex/init.c index 4006494d998..9b8ec1e3f40 100644 --- a/reactos/ntoskrnl/ex/init.c +++ b/reactos/ntoskrnl/ex/init.c @@ -211,7 +211,7 @@ ExpInitNls(IN PLOADER_PARAMETER_BLOCK LoaderBlock) PLIST_ENTRY ListHead, NextEntry; PMEMORY_ALLOCATION_DESCRIPTOR MdBlock; ULONG NlsTablesEncountered = 0; - SIZE_T NlsTableSizes[3]; /* 3 NLS tables */ + SIZE_T NlsTableSizes[3] = {0, 0, 0}; /* 3 NLS tables */ /* Check if this is boot-time phase 0 initialization */ if (!ExpInitializationPhase) 
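Review bot: The pool tag is written as the bare literal `'EgbD'` at both free sites (`DbgkpQueueMessage` and `DbgkpFreeDebugEvent`), while other files in this commit use named tags such as `TAG_CM`. The allocation of `DebugEvent` is outside these hunks, so it cannot be confirmed here that it uses the same tag, and a tag mismatch between allocation and free is normally treated as a pool-corruption error. A named constant shared by the allocation and both frees would rule that out.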
@@ -405,12 +405,11 @@ ExpLoadInitialProcess(IN PINIT_BUFFER InitBuffer, if (!NT_SUCCESS(Status)) { /* Failed, display error */ - p = InitBuffer->DebugBuffer; - _snwprintf(p, - 256 * sizeof(WCHAR), + _snwprintf(InitBuffer->DebugBuffer, + sizeof(InitBuffer->DebugBuffer)/sizeof(WCHAR), L"INIT: Unable to allocate Process Parameters. 0x%lx", Status); - RtlInitUnicodeString(&DebugString, p); + RtlInitUnicodeString(&DebugString, InitBuffer->DebugBuffer); ZwDisplayString(&DebugString); /* Bugcheck the system */ @@ -434,12 +433,11 @@ ExpLoadInitialProcess(IN PINIT_BUFFER InitBuffer, if (!NT_SUCCESS(Status)) { /* Failed, display error */ - p = InitBuffer->DebugBuffer; - _snwprintf(p, - 256 * sizeof(WCHAR), + _snwprintf(InitBuffer->DebugBuffer, + sizeof(InitBuffer->DebugBuffer)/sizeof(WCHAR), L"INIT: Unable to allocate Process Environment. 0x%lx", Status); - RtlInitUnicodeString(&DebugString, p); + RtlInitUnicodeString(&DebugString, InitBuffer->DebugBuffer); ZwDisplayString(&DebugString); /* Bugcheck the system */ @@ -560,12 +558,11 @@ ExpLoadInitialProcess(IN PINIT_BUFFER InitBuffer, if (!NT_SUCCESS(Status)) { /* Failed, display error */ - p = InitBuffer->DebugBuffer; - _snwprintf(p, - 256 * sizeof(WCHAR), + _snwprintf(InitBuffer->DebugBuffer, + sizeof(InitBuffer->DebugBuffer)/sizeof(WCHAR), L"INIT: Unable to create Session Manager. 0x%lx", Status); - RtlInitUnicodeString(&DebugString, p); + RtlInitUnicodeString(&DebugString, InitBuffer->DebugBuffer); ZwDisplayString(&DebugString); /* Bugcheck the system */ 
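Review bot: `_snwprintf` does not write a terminating NUL when the output fills the buffer, and `RtlInitUnicodeString` on the following line scans for one; this applies to all four `ExpLoadInitialProcess` call sites changed here (hunks at -405, -434, -560 and -577) and to the `IopStartRamdisk` call in ramdisk.c. The messages are short, so truncation is unlikely, but terminating explicitly costs nothing: `InitBuffer->DebugBuffer[sizeof(InitBuffer->DebugBuffer)/sizeof(WCHAR) - 1] = UNICODE_NULL;`. `sizeof(InitBuffer->DebugBuffer)` is only correct if `DebugBuffer` is declared as an array; its declaration is not in the hunk. The four identical format, display and bugcheck sequences would read better as one helper.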
@@ -577,12 +574,11 @@ ExpLoadInitialProcess(IN PINIT_BUFFER InitBuffer, if (!NT_SUCCESS(Status)) { /* Failed, display error */ - p = InitBuffer->DebugBuffer; - _snwprintf(p, - 256 * sizeof(WCHAR), + _snwprintf(InitBuffer->DebugBuffer, + sizeof(InitBuffer->DebugBuffer)/sizeof(WCHAR), L"INIT: Unable to resume Session Manager. 0x%lx", Status); - RtlInitUnicodeString(&DebugString, p); + RtlInitUnicodeString(&DebugString, InitBuffer->DebugBuffer); ZwDisplayString(&DebugString); /* Bugcheck the system */ diff --git a/reactos/ntoskrnl/ex/sysinfo.c b/reactos/ntoskrnl/ex/sysinfo.c index c225d43c607..71460af220f 100644 --- a/reactos/ntoskrnl/ex/sysinfo.c +++ b/reactos/ntoskrnl/ex/sysinfo.c @@ -150,7 +150,7 @@ ExGetCurrentProcessorCpuUsage(PULONG CpuUsage) Prcb = KeGetCurrentPrcb(); - ScaledIdle = Prcb->IdleThread->KernelTime * 100; + ScaledIdle = (ULONGLONG)Prcb->IdleThread->KernelTime * 100; TotalTime = Prcb->KernelTime + Prcb->UserTime; if (TotalTime != 0) *CpuUsage = (ULONG)(100 - (ScaledIdle / TotalTime)); @@ -785,7 +785,7 @@ QSI_DEF(SystemProcessInformation) } } } - if (!ImageNameLength && Process != PsIdleProcess && Process->ImageFileName) + if (!ImageNameLength && Process != PsIdleProcess) { ImageNameLength = (USHORT)strlen(Process->ImageFileName) * sizeof(WCHAR); } @@ -824,7 +824,7 @@ QSI_DEF(SystemProcessInformation) /* Release the memory allocated by SeLocateProcessImageName */ ExFreePool(ProcessImageName); } - else if (Process->ImageFileName) + else { RtlInitAnsiString(&ImageName, Process->ImageFileName); RtlAnsiStringToUnicodeString(&SpiCurrent->ImageName, &ImageName, FALSE); diff --git a/reactos/ntoskrnl/fsrtl/filelock.c b/reactos/ntoskrnl/fsrtl/filelock.c index 27ded58135a..1e054212228 100644 --- a/reactos/ntoskrnl/fsrtl/filelock.c +++ b/reactos/ntoskrnl/fsrtl/filelock.c 
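Review bot: With the `Process->ImageFileName` test removed, `strlen(Process->ImageFileName)` and `RtlInitAnsiString(&ImageName, Process->ImageFileName)` in the two `QSI_DEF(SystemProcessInformation)` hunks rely on the field being NUL-terminated. The removal suggests `ImageFileName` is a fixed-size array inside the process object (its declaration is not in the diff); if a name can occupy the whole array, both calls read past it and the `ImageNameLength` returned to the caller is wrong. I would bound the length by `sizeof(Process->ImageFileName)` and add a comment stating who guarantees the terminator.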
@@ -380,12 +380,13 @@ FsRtlPrivateLock(IN PFILE_LOCK FileLock, if (!FileLock->LockInformation) { LockInfo = ExAllocatePoolWithTag(NonPagedPool, sizeof(LOCK_INFORMATION), 'FLCK'); - FileLock->LockInformation = LockInfo; - if (!FileLock) { + if (!LockInfo) + { IoStatus->Status = STATUS_NO_MEMORY; return FALSE; } - + FileLock->LockInformation = LockInfo; + LockInfo->BelongsTo = FileLock; InitializeListHead(&LockInfo->SharedLocks); @@ -416,13 +417,13 @@ FsRtlPrivateLock(IN PFILE_LOCK FileLock, ToInsert.Exclusive.FileLock.ProcessId = Process->UniqueProcessId; ToInsert.Exclusive.FileLock.Key = Key; ToInsert.Exclusive.FileLock.ExclusiveLock = ExclusiveLock; - + Conflict = RtlInsertElementGenericTable (FileLock->LockInformation, &ToInsert, sizeof(ToInsert), &InsertedNew); - + if (Conflict && !InsertedNew) { if (Conflict->Exclusive.FileLock.ExclusiveLock || ExclusiveLock) @@ -475,8 +476,9 @@ FsRtlPrivateLock(IN PFILE_LOCK FileLock, for (i = 0; i < RtlNumberGenericTableElements(&LockInfo->RangeTable); i++) { Conflict = RtlGetElementGenericTable(&LockInfo->RangeTable, i); + /* The first argument will be inserted as a shared range */ - if (LockCompare(&LockInfo->RangeTable, Conflict, &ToInsert) == GenericEqual) + if (Conflict && (LockCompare(&LockInfo->RangeTable, Conflict, &ToInsert) == GenericEqual)) { if (Conflict->Exclusive.FileLock.ExclusiveLock) { @@ -520,8 +522,9 @@ FsRtlPrivateLock(IN PFILE_LOCK FileLock, Conflict->Exclusive.FileLock.StartingByte.LowPart, Conflict->Exclusive.FileLock.EndingByte.HighPart, Conflict->Exclusive.FileLock.EndingByte.LowPart); - Conflict = FsRtlpRebuildSharedLockRange - (FileLock, LockInfo, &ToInsert); + Conflict = FsRtlpRebuildSharedLockRange(FileLock, + LockInfo, + &ToInsert); if (!Conflict) { IoStatus->Status = STATUS_NO_MEMORY; 
@@ -918,7 +921,6 @@ FsRtlFastUnlockSingle(IN PFILE_LOCK FileLock,
 PLIST_ENTRY SharedRangeEntry;
 PLOCK_SHARED_RANGE WatchSharedRange;
 COMBINED_LOCK_ELEMENT RemadeElement;
- PCOMBINED_LOCK_ELEMENT RemadeElementInserted = NULL;
 Find.Exclusive.FileLock.StartingByte = SharedRange->Start;
 Find.Exclusive.FileLock.EndingByte = SharedRange->End;
 SharedEntry = SharedRange->Entry.Flink;
@@ -939,30 +941,28 @@ FsRtlFastUnlockSingle(IN PFILE_LOCK FileLock, SharedRangeEntry != &InternalInfo->SharedLocks; SharedRangeEntry = SharedRangeEntry->Flink) { - COMBINED_LOCK_ELEMENT Find; + COMBINED_LOCK_ELEMENT LockElement; WatchSharedRange = CONTAINING_RECORD(SharedRangeEntry, LOCK_SHARED_RANGE, Entry); - Find.Exclusive.FileLock.StartingByte = WatchSharedRange->Start; - Find.Exclusive.FileLock.EndingByte = WatchSharedRange->End; - if (LockCompare(&InternalInfo->RangeTable, &RemadeElement, &Find) != GenericEqual) + LockElement.Exclusive.FileLock.StartingByte = WatchSharedRange->Start; + LockElement.Exclusive.FileLock.EndingByte = WatchSharedRange->End; + if (LockCompare(&InternalInfo->RangeTable, &RemadeElement, &LockElement) != GenericEqual) { DPRINT("Skipping range %08x%08x:%08x%08x\n", - Find.Exclusive.FileLock.StartingByte.HighPart, - Find.Exclusive.FileLock.StartingByte.LowPart, - Find.Exclusive.FileLock.EndingByte.HighPart, - Find.Exclusive.FileLock.EndingByte.LowPart); + LockElement.Exclusive.FileLock.StartingByte.HighPart, + LockElement.Exclusive.FileLock.StartingByte.LowPart, + LockElement.Exclusive.FileLock.EndingByte.HighPart, + LockElement.Exclusive.FileLock.EndingByte.LowPart); continue; } DPRINT("Re-creating range %08x%08x:%08x%08x\n", - Find.Exclusive.FileLock.StartingByte.HighPart, - Find.Exclusive.FileLock.StartingByte.LowPart, - Find.Exclusive.FileLock.EndingByte.HighPart, - Find.Exclusive.FileLock.EndingByte.LowPart); + LockElement.Exclusive.FileLock.StartingByte.HighPart, + LockElement.Exclusive.FileLock.StartingByte.LowPart, + LockElement.Exclusive.FileLock.EndingByte.HighPart, + LockElement.Exclusive.FileLock.EndingByte.LowPart); RtlZeroMemory(&RemadeElement, sizeof(RemadeElement)); RemadeElement.Exclusive.FileLock.StartingByte = WatchSharedRange->Start; RemadeElement.Exclusive.FileLock.EndingByte = WatchSharedRange->End; - RemadeElementInserted = - FsRtlpRebuildSharedLockRange - (FileLock, InternalInfo, &RemadeElement); + 
FsRtlpRebuildSharedLockRange(FileLock, InternalInfo, &RemadeElement); } } else diff --git a/reactos/ntoskrnl/fsrtl/notify.c b/reactos/ntoskrnl/fsrtl/notify.c index 3fdb49e66b8..a9bd1a24afc 100644 --- a/reactos/ntoskrnl/fsrtl/notify.c +++ b/reactos/ntoskrnl/fsrtl/notify.c @@ -586,6 +586,13 @@ FsRtlNotifyFilterChangeDirectory(IN PNOTIFY_SYNC NotifySync, /* Allocate new notification */ NotifyChange = ExAllocatePoolWithTag(PagedPool | POOL_RAISE_IF_ALLOCATION_FAILURE, sizeof(NOTIFY_CHANGE), 'FSrN'); + + /* + * If NotifyChange == NULL then an + * exception was already raised. + */ + ASSERT(NotifyChange != NULL); + RtlZeroMemory(NotifyChange, sizeof(NOTIFY_CHANGE)); /* Set basic information */ diff --git a/reactos/ntoskrnl/fstub/disksup.c b/reactos/ntoskrnl/fstub/disksup.c index 32d6a78e8f0..210f0d097b1 100644 --- a/reactos/ntoskrnl/fstub/disksup.c +++ b/reactos/ntoskrnl/fstub/disksup.c 
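Review bot: In `FsRtlFastUnlockSingle` the result of `FsRtlpRebuildSharedLockRange(FileLock, InternalInfo, &RemadeElement);` is now discarded, whereas `FsRtlPrivateLock` in the same file treats a NULL return from that function as `STATUS_NO_MEMORY`. If the rebuild fails here, the shared range would be missing from the range table after the unlock, which could let a later conflicting lock request succeed. Either check the return value and propagate the failure, or state in a comment why ignoring it is safe, e.g. `/* A failed rebuild leaves this shared range untracked; not handled yet */`. The function continues outside the hunk.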
@@ -446,38 +446,46 @@ xHalIoAssignDriveLetters(IN PLOADER_PARAMETER_BLOCK LoaderBlock, DPRINT("RDiskCount %d\n", RDiskCount); - Buffer1 = (PWSTR)ExAllocatePoolWithTag(PagedPool, - 64 * sizeof(WCHAR), TAG_FILE_SYSTEM); - Buffer2 = (PWSTR)ExAllocatePoolWithTag(PagedPool, - 32 * sizeof(WCHAR), TAG_FILE_SYSTEM); - - PartialInformation = (PKEY_VALUE_PARTIAL_INFORMATION)ExAllocatePoolWithTag(PagedPool, - sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(REG_DISK_MOUNT_INFO), TAG_FILE_SYSTEM); + Buffer1 = ExAllocatePoolWithTag(PagedPool, + 64 * sizeof(WCHAR), + TAG_FILE_SYSTEM); + if (!Buffer1) return; + + Buffer2 = ExAllocatePoolWithTag(PagedPool, + 32 * sizeof(WCHAR), + TAG_FILE_SYSTEM); + if (!Buffer2) + { + ExFreePoolWithTag(Buffer1, TAG_FILE_SYSTEM); + return; + } - if (!Buffer1 || !Buffer2 || !PartialInformation) return; + PartialInformation = ExAllocatePoolWithTag(PagedPool, + sizeof(KEY_VALUE_PARTIAL_INFORMATION) + sizeof(REG_DISK_MOUNT_INFO), + TAG_FILE_SYSTEM); + if (!PartialInformation) + { + ExFreePoolWithTag(Buffer2, TAG_FILE_SYSTEM); + ExFreePoolWithTag(Buffer1, TAG_FILE_SYSTEM); + return; + } DiskMountInfo = (PREG_DISK_MOUNT_INFO) PartialInformation->Data; - /* Open or Create the 'MountedDevices' key */ + /* Create or open the 'MountedDevices' key */ RtlInitUnicodeString(&UnicodeString1, L"\\Registry\\Machine\\SYSTEM\\MountedDevices"); InitializeObjectAttributes(&ObjectAttributes, &UnicodeString1, - OBJ_CASE_INSENSITIVE, + OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL); - Status = ZwOpenKey(&hKey, + Status = ZwCreateKey(&hKey, KEY_ALL_ACCESS, - &ObjectAttributes); - if (!NT_SUCCESS(Status)) - { - Status = ZwCreateKey(&hKey, - KEY_ALL_ACCESS, - &ObjectAttributes, - 0, - NULL, - REG_OPTION_NON_VOLATILE, - NULL); - } + &ObjectAttributes, + 0, + NULL, + REG_OPTION_NON_VOLATILE, + NULL); if (!NT_SUCCESS(Status)) { hKey = NULL; 
@@ -535,7 +543,8 @@ xHalIoAssignDriveLetters(IN PLOADER_PARAMETER_BLOCK LoaderBlock, ExFreePoolWithTag(PartialInformation, TAG_FILE_SYSTEM); ExFreePoolWithTag(Buffer2, TAG_FILE_SYSTEM); ExFreePoolWithTag(Buffer1, TAG_FILE_SYSTEM); - if (hKey) ZwClose(hKey); + if (hKey) ObCloseHandle(hKey, KernelMode); + return; } RtlZeroMemory(LayoutArray, @@ -951,10 +960,7 @@ end_assign_disks: ExFreePoolWithTag(PartialInformation, TAG_FILE_SYSTEM); ExFreePoolWithTag(Buffer2, TAG_FILE_SYSTEM); ExFreePoolWithTag(Buffer1, TAG_FILE_SYSTEM); - if (hKey) - { - ZwClose(hKey); - } + if (hKey) ObCloseHandle(hKey, KernelMode); } #endif diff --git a/reactos/ntoskrnl/fstub/fstubex.c b/reactos/ntoskrnl/fstub/fstubex.c index 74797e9ddd6..6564df9f949 100644 --- a/reactos/ntoskrnl/fstub/fstubex.c +++ b/reactos/ntoskrnl/fstub/fstubex.c @@ -985,7 +985,7 @@ FstubReadPartitionTableEFI(IN PDISK_INFORMATION Disk, if ((Disk->SectorCount - 1ULL) != EfiHeader.AlternateLBA) { /* We'll update it. First, count number of sectors needed to store partitions */ - SectorsForPartitions = (EfiHeader.NumberOfEntries * PARTITION_ENTRY_SIZE) / Disk->SectorSize; + SectorsForPartitions = ((ULONGLONG)EfiHeader.NumberOfEntries * PARTITION_ENTRY_SIZE) / Disk->SectorSize; /* Then set first usable LBA: Legacy MBR + GPT header + Partitions entries */ EfiHeader.FirstUsableLBA = SectorsForPartitions + 2; /* Then set last usable LBA: Last sector - GPT header - Partitions entries */ diff --git a/reactos/ntoskrnl/include/internal/cm.h b/reactos/ntoskrnl/include/internal/cm.h index bc4ca1775ba..ad13a95b072 100644 --- a/reactos/ntoskrnl/include/internal/cm.h +++ b/reactos/ntoskrnl/include/internal/cm.h 
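Review bot: The widened multiplication in `FstubReadPartitionTableEFI` still divides with truncation, so when `NumberOfEntries * PARTITION_ENTRY_SIZE` is not a multiple of `Disk->SectorSize` the result is one sector short and `FirstUsableLBA` falls inside the partition entry array. `EfiHeader` is presumably read from the disk, so `NumberOfEntries` should not be assumed to be aligned. Round up instead: `SectorsForPartitions = ((ULONGLONG)EfiHeader.NumberOfEntries * PARTITION_ENTRY_SIZE + Disk->SectorSize - 1) / Disk->SectorSize;`. A zero `Disk->SectorSize` would also fault on this line; whether that is excluded earlier is not visible in the hunk.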
@@ -801,10 +801,10 @@ NTAPI CmpOpenHiveFiles( IN PCUNICODE_STRING BaseName, IN PCWSTR Extension OPTIONAL, - IN PHANDLE Primary, - IN PHANDLE Log, - IN PULONG PrimaryDisposition, - IN PULONG LogDisposition, + OUT PHANDLE Primary, + OUT PHANDLE Log, + OUT PULONG PrimaryDisposition, + OUT PULONG LogDisposition, IN BOOLEAN CreateAllowed, IN BOOLEAN MarkAsSystemHive, IN BOOLEAN NoBuffering, diff --git a/reactos/ntoskrnl/io/iomgr/device.c b/reactos/ntoskrnl/io/iomgr/device.c index 172312402c9..0b1a8861fb4 100644 --- a/reactos/ntoskrnl/io/iomgr/device.c +++ b/reactos/ntoskrnl/io/iomgr/device.c @@ -227,11 +227,14 @@ IoShutdownSystem(IN ULONG Phase) NULL, &Event, &StatusBlock); - Status = IoCallDriver(DeviceObject, Irp); - if (Status == STATUS_PENDING) + if (Irp) { - /* Wait on the driver */ - KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + Status = IoCallDriver(DeviceObject, Irp); + if (Status == STATUS_PENDING) + { + /* Wait on the driver */ + KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + } } /* Remove the flag */ diff --git a/reactos/ntoskrnl/io/iomgr/driver.c b/reactos/ntoskrnl/io/iomgr/driver.c index ba23a12bd9a..d2d28b83b2a 100644 --- a/reactos/ntoskrnl/io/iomgr/driver.c +++ b/reactos/ntoskrnl/io/iomgr/driver.c @@ -795,6 +795,11 @@ LdrProcessDriverModule(PLDR_DATA_TABLE_ENTRY LdrEntry, &MissingApiName, &MissingDriverName, &LoadedImports); + + /* Free the temporary buffer */ + ExFreePoolWithTag(Buffer, TAG_LDR_WSTR); + + /* Check the result of the imports resolution */ if (!NT_SUCCESS(Status)) return Status; /* Return */ diff --git a/reactos/ntoskrnl/io/iomgr/ioevent.c b/reactos/ntoskrnl/io/iomgr/ioevent.c index 01b4f8dc22c..c21129e2927 100644 --- a/reactos/ntoskrnl/io/iomgr/ioevent.c +++ b/reactos/ntoskrnl/io/iomgr/ioevent.c 
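Review bot: When `Irp` is NULL in `IoShutdownSystem`, the device is skipped without any trace, and the same happens in `IopShutdownBaseFileSystems` (volume.c hunk). A device that never receives its shutdown request may not flush its state, so the failure should at least be logged, e.g. `else DPRINT1("Shutdown IRP allocation failed for %p\n", DeviceObject);`. `Status` also keeps its previous value on that path; whether it is read afterwards is outside the hunk.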
@@ -42,12 +42,17 @@ IopCreateEvent(IN PUNICODE_STRING EventName, if (!NT_SUCCESS(Status)) return NULL; /* Get a handle to it */ - ObReferenceObjectByHandle(Handle, - 0, - ExEventObjectType, - KernelMode, - (PVOID*)&Event, - NULL); + Status = ObReferenceObjectByHandle(Handle, + 0, + ExEventObjectType, + KernelMode, + (PVOID*)&Event, + NULL); + if (!NT_SUCCESS(Status)) + { + ZwClose(Handle); + return NULL; + } /* Dereference the extra count, and return the handle */ ObDereferenceObject(Event); diff --git a/reactos/ntoskrnl/io/iomgr/iofunc.c b/reactos/ntoskrnl/io/iomgr/iofunc.c index 7eeb30b19da..7882d70ca56 100644 --- a/reactos/ntoskrnl/io/iomgr/iofunc.c +++ b/reactos/ntoskrnl/io/iomgr/iofunc.c @@ -119,7 +119,7 @@ IopPerformSynchronousRequest(IN PDEVICE_OBJECT DeviceObject, { NTSTATUS Status; PKNORMAL_ROUTINE NormalRoutine; - PVOID NormalContext; + PVOID NormalContext = NULL; KIRQL OldIrql; PAGED_CODE(); IOTRACE(IO_API_DEBUG, "IRP: %p. DO: %p. FO: %p \n", diff --git a/reactos/ntoskrnl/io/iomgr/iorsrce.c b/reactos/ntoskrnl/io/iomgr/iorsrce.c index 978985b5fe0..febd24b5b3d 100644 --- a/reactos/ntoskrnl/io/iomgr/iorsrce.c +++ b/reactos/ntoskrnl/io/iomgr/iorsrce.c @@ -701,7 +701,7 @@ IopStoreSystemPartitionInformation(IN PUNICODE_STRING NtSystemPartitionDeviceNam UNICODE_STRING LinkTarget, KeyName; OBJECT_ATTRIBUTES ObjectAttributes; HANDLE LinkHandle, RegistryHandle, KeyHandle; - WCHAR LinkTargetBuffer[256], KeyNameBuffer[sizeof(L"SystemPartition") / sizeof(WCHAR)]; + WCHAR LinkTargetBuffer[256]; UNICODE_STRING CmRegistryMachineSystemName = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SYSTEM"); ASSERT(NtSystemPartitionDeviceName->MaximumLength >= NtSystemPartitionDeviceName->Length + sizeof(WCHAR)); 
@@ -760,13 +760,9 @@ IopStoreSystemPartitionInformation(IN PUNICODE_STRING NtSystemPartitionDeviceNam return; } - /* We'll store in Setup subkey, and as we love fun, we use only one buffer for three writings... */ - wcscpy(KeyNameBuffer, L"Setup"); - KeyName.Length = sizeof(L"Setup") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"Setup"); - KeyName.Buffer = KeyNameBuffer; + /* Open or create the Setup subkey where we'll store in */ + RtlInitUnicodeString(&KeyName, L"Setup"); - /* So, open or create the subkey */ Status = IopCreateRegistryKeyEx(&KeyHandle, RegistryHandle, &KeyName, @@ -784,9 +780,7 @@ IopStoreSystemPartitionInformation(IN PUNICODE_STRING NtSystemPartitionDeviceNam } /* Prepare first data writing... */ - wcscpy(KeyNameBuffer, L"SystemPartition"); - KeyName.Length = sizeof(L"SystemPartition") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"SystemPartition"); + RtlInitUnicodeString(&KeyName, L"SystemPartition"); /* Write SystemPartition value which is the target of the symbolic link */ Status = ZwSetValueKey(KeyHandle, @@ -800,10 +794,8 @@ IopStoreSystemPartitionInformation(IN PUNICODE_STRING NtSystemPartitionDeviceNam DPRINT("Failed writing SystemPartition value!\n"); } - /* Prepare for second data writing... */ - wcscpy(KeyName.Buffer, L"OsLoaderPath"); - KeyName.Length = sizeof(L"OsLoaderPath") - sizeof(UNICODE_NULL); - KeyName.MaximumLength = sizeof(L"OsLoaderPath"); + /* Prepare for second data writing... */ + RtlInitUnicodeString(&KeyName, L"OsLoaderPath"); /* Remove trailing slash if any (one slash only excepted) */ if (OsLoaderPathName->Length > sizeof(WCHAR) && diff --git a/reactos/ntoskrnl/io/iomgr/ramdisk.c b/reactos/ntoskrnl/io/iomgr/ramdisk.c index 3ca2d0351d8..5f37a1dc402 100644 --- a/reactos/ntoskrnl/io/iomgr/ramdisk.c +++ b/reactos/ntoskrnl/io/iomgr/ramdisk.c 
@@ -224,7 +224,7 @@ IopStartRamdisk(IN PLOADER_PARAMETER_BLOCK LoaderBlock) // Build the symbolic link name and target // _snwprintf(SourceString, - sizeof(SourceString), + sizeof(SourceString)/sizeof(WCHAR), L"\\Device\\Ramdisk%wZ", &GuidString); SymbolicLinkName.Length = 38; diff --git a/reactos/ntoskrnl/io/iomgr/volume.c b/reactos/ntoskrnl/io/iomgr/volume.c index 12cc4a7ebb2..98163904ef2 100644 --- a/reactos/ntoskrnl/io/iomgr/volume.c +++ b/reactos/ntoskrnl/io/iomgr/volume.c @@ -377,11 +377,14 @@ IopShutdownBaseFileSystems(IN PLIST_ENTRY ListHead) NULL, &Event, &StatusBlock); - Status = IoCallDriver(DeviceObject, Irp); - if (Status == STATUS_PENDING) + if (Irp) { - /* Wait on the driver */ - KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + Status = IoCallDriver(DeviceObject, Irp); + if (Status == STATUS_PENDING) + { + /* Wait on the driver */ + KeWaitForSingleObject(&Event, Executive, KernelMode, FALSE, NULL); + } } /* Reset the event */ diff --git a/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c b/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c index 9f73218bcf0..eedf193e62f 100644 --- a/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c +++ b/reactos/ntoskrnl/io/pnpmgr/pnpnotify.c @@ -80,7 +80,7 @@ IopNotifyPlugPlayNotification( if (!NT_SUCCESS(Status)) { KeReleaseGuardedMutex(&PnpNotifyListLock); - ExFreePool(NotificationStructure); + ExFreePoolWithTag(NotificationStructure, TAG_PNP_NOTIFY); return; } break; 
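Review bot: The `_snwprintf` call in IopStartRamdisk still ignores its return value, and `_snwprintf` writes no terminator when the output fills the buffer, so the corrected element count alone does not guarantee a terminated `SourceString`. Passing `sizeof(SourceString)/sizeof(WCHAR) - 1` and storing `UNICODE_NULL` in the last element, or checking the return value, would close that. The following line, `SymbolicLinkName.Length = 38;`, hard-codes a byte length that has to agree with the formatted text; deriving it from the string or naming the constant would make the dependency visible. The function continues outside the hunk.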
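Review bot: When the IRP allocation above the hunk fails, the new `if (Irp)` in IopShutdownBaseFileSystems skips the device without leaving any trace, so a file system can miss the request this loop sends (presumably the shutdown notification) with nothing in the log to explain unflushed data afterwards. An `else` branch with `DPRINT1("Failed to allocate IRP for device %p\n", DeviceObject);` would record it. How `Status` is used after the block is outside the hunk; on the skipped path it keeps whatever value it had before.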
@@ -177,21 +177,22 @@ IopNotifyPlugPlayNotification( case EventCategoryTargetDeviceChange: { Status = IoGetRelatedTargetDevice(ChangeEntry->FileObject, &EntryDeviceObject); - if (NT_SUCCESS(Status)) - { - if (DeviceObject == EntryDeviceObject) - { - if (Event == &GUID_PNP_CUSTOM_NOTIFICATION) - { - ((PTARGET_DEVICE_CUSTOM_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; - } - else - { - ((PTARGET_DEVICE_REMOVAL_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; - } - CallCurrentEntry = TRUE; - } + if (NT_SUCCESS(Status)) + { + if (DeviceObject == EntryDeviceObject) + { + if (Event == &GUID_PNP_CUSTOM_NOTIFICATION) + { + ((PTARGET_DEVICE_CUSTOM_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; + } + else + { + ((PTARGET_DEVICE_REMOVAL_NOTIFICATION)NotificationStructure)->FileObject = ChangeEntry->FileObject; + } + CallCurrentEntry = TRUE; + } } + break; } default: { diff --git a/reactos/ntoskrnl/kdbg/kdb_cli.c b/reactos/ntoskrnl/kdbg/kdb_cli.c index 2a87d3945b8..3d2ee34c62b 100644 --- a/reactos/ntoskrnl/kdbg/kdb_cli.c +++ b/reactos/ntoskrnl/kdbg/kdb_cli.c @@ -864,7 +864,7 @@ KdbpCmdRegs( else if (Argv[0][0] == 'c') /* cregs */ { ULONG Cr0, Cr2, Cr3, Cr4; - KDESCRIPTOR Gdtr, Idtr; + KDESCRIPTOR Gdtr = {0, 0, 0}, Idtr = {0, 0, 0}; USHORT Ldtr; static const PCHAR Cr0Bits[32] = { " PE", " MP", " EM", " TS", " ET", " NE", NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, diff --git a/reactos/ntoskrnl/ke/i386/cpu.c b/reactos/ntoskrnl/ke/i386/cpu.c index 8e63a9e5c35..cd4c017d740 100644 --- a/reactos/ntoskrnl/ke/i386/cpu.c +++ b/reactos/ntoskrnl/ke/i386/cpu.c @@ -1137,7 +1137,7 @@ NTAPI INIT_FUNCTION KiI386PentiumLockErrataFixup(VOID) { - KDESCRIPTOR IdtDescriptor; + KDESCRIPTOR IdtDescriptor = {0, 0, 0}; PKIDTENTRY NewIdt, NewIdt2; /* Allocate memory for a new IDT */ diff --git a/reactos/ntoskrnl/ke/profobj.c b/reactos/ntoskrnl/ke/profobj.c index 60ab5b1b5e7..d137e12836d 100644 
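Review bot: `EntryDeviceObject`, obtained from `IoGetRelatedTargetDevice` in the EventCategoryTargetDeviceChange case, is compared and then never released within the hunk. As far as I know that routine hands back the device object with a reference taken, so unless a dereference follows the switch (outside the hunk) every pass through this case leaks one. `ObDereferenceObject(EntryDeviceObject);` after the comparison, inside the `NT_SUCCESS(Status)` block, would balance it.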
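Review bot: The positional initialisers `{0, 0, 0}` for `Gdtr` and `Idtr` in KdbpCmdRegs depend on KDESCRIPTOR having exactly three scalar members; `KDESCRIPTOR Gdtr = {0}, Idtr = {0};` zeroes the whole structure whatever its layout. The same applies to `IdtDescriptor` in the ke/i386/cpu.c hunk. `Ldtr` on the next line of KdbpCmdRegs is still uninitialised; if it is filled the same way as the descriptors (outside the hunk), it may deserve the same treatment.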
--- a/reactos/ntoskrnl/ke/profobj.c +++ b/reactos/ntoskrnl/ke/profobj.c @@ -142,7 +142,7 @@ KeStartProfile(IN PKPROFILE Profile, KeLowerIrql(OldIrql); /* Free the pool */ - if (FreeBuffer) ExFreePool(SourceBuffer); + if (FreeBuffer) ExFreePoolWithTag(SourceBuffer, 'forP'); /* Return whether we could start the profile */ return StartedProfile; diff --git a/reactos/ntoskrnl/ob/oblife.c b/reactos/ntoskrnl/ob/oblife.c index 9dccf5645be..636130bca2d 100644 --- a/reactos/ntoskrnl/ob/oblife.c +++ b/reactos/ntoskrnl/ob/oblife.c @@ -1429,7 +1429,7 @@ NtQueryObject(IN HANDLE ObjectHandle, POBJECT_HEADER ObjectHeader = NULL; POBJECT_HANDLE_ATTRIBUTE_INFORMATION HandleFlags; POBJECT_BASIC_INFORMATION BasicInfo; - ULONG InfoLength; + ULONG InfoLength = 0; PVOID Object = NULL; NTSTATUS Status; KPROCESSOR_MODE PreviousMode = ExGetPreviousMode(); diff --git a/reactos/ntoskrnl/ob/oblink.c b/reactos/ntoskrnl/ob/oblink.c index af95e487ac5..aa7ff090dab 100644 --- a/reactos/ntoskrnl/ob/oblink.c +++ b/reactos/ntoskrnl/ob/oblink.c @@ -595,7 +595,12 @@ NtCreateSymbolicLinkObject(OUT PHANDLE LinkHandle, ExAllocatePoolWithTag(PagedPool, CapturedLinkTarget.MaximumLength, TAG_SYMLINK_TARGET); - if (!SymbolicLink->LinkTarget.Buffer) return STATUS_NO_MEMORY; + if (!SymbolicLink->LinkTarget.Buffer) + { + /* Dereference the symbolic link object and fail */ + ObDereferenceObject(SymbolicLink); + return STATUS_NO_MEMORY; + } /* Copy it */ RtlCopyMemory(SymbolicLink->LinkTarget.Buffer, diff --git a/reactos/ntoskrnl/ob/obsdcach.c b/reactos/ntoskrnl/ob/obsdcach.c index 840298e3a61..7573ba69f0f 100644 --- a/reactos/ntoskrnl/ob/obsdcach.c +++ b/reactos/ntoskrnl/ob/obsdcach.c @@ -427,7 +427,7 @@ ObLogSecurityDescriptor(IN PSECURITY_DESCRIPTOR InputSecurityDescriptor, *OutputSecurityDescriptor = &SdHeader->SecurityDescriptor; /* Free anything that we may have had to create */ - if (NewHeader) ExFreePool(NewHeader); + if (NewHeader) ExFreePoolWithTag(NewHeader, TAG_OB_SD_CACHE); return STATUS_SUCCESS; } 
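Review bot: The tag in `ExFreePoolWithTag(SourceBuffer, 'forP')` in KeStartProfile is a bare multi-character literal, whereas the other frees converted in this commit use named tags (`TAG_PNP_NOTIFY`, `TAG_OB_SD_CACHE`, `TAG_TERMINATE_APC`, `TAG_PS_IMPERSONATION`). The allocation of `SourceBuffer` is outside the hunk, and the free must carry exactly the tag used there. A named constant shared by both sites would keep the pair from drifting apart.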
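Review bot: The new failure path in NtCreateSymbolicLinkObject calls `ObDereferenceObject(SymbolicLink)` on an object that is only partly filled in, with `LinkTarget.Buffer` still NULL. Dropping the last reference presumably runs the symbolic link type's delete routine (not visible here), so that routine has to tolerate a NULL buffer and any other fields that are unset at this point. Once that is confirmed, a comment on the new branch such as `/* The delete routine must cope with a NULL LinkTarget.Buffer */` would record the dependency.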
diff --git a/reactos/ntoskrnl/ob/obsecure.c b/reactos/ntoskrnl/ob/obsecure.c index 28014b4ad80..3982258fcd6 100644 --- a/reactos/ntoskrnl/ob/obsecure.c +++ b/reactos/ntoskrnl/ob/obsecure.c @@ -217,7 +217,7 @@ ObCheckCreateObjectAccess(IN PVOID Object, { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; - PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; BOOLEAN SdAllocated; BOOLEAN Result = TRUE; ACCESS_MASK GrantedAccess = 0; @@ -280,7 +280,7 @@ ObpCheckTraverseAccess(IN PVOID Object, { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; - PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; BOOLEAN SdAllocated; BOOLEAN Result; ACCESS_MASK GrantedAccess = 0; @@ -338,7 +338,7 @@ ObpCheckObjectReference(IN PVOID Object, { POBJECT_HEADER ObjectHeader; POBJECT_TYPE ObjectType; - PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; BOOLEAN SdAllocated; BOOLEAN Result; ACCESS_MASK GrantedAccess = 0; diff --git a/reactos/ntoskrnl/po/power.c b/reactos/ntoskrnl/po/power.c index 577c308ba45..3ccb9babc72 100644 --- a/reactos/ntoskrnl/po/power.c +++ b/reactos/ntoskrnl/po/power.c @@ -79,11 +79,11 @@ PopSendQuerySystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Sys PIO_STACK_LOCATION IrpSp; PIRP Irp; NTSTATUS Status; - + KeInitializeEvent(&Event, NotificationEvent, FALSE); - + Irp = IoBuildSynchronousFsdRequest(IRP_MJ_POWER, DeviceObject, NULL, @@ -91,13 +91,14 @@ PopSendQuerySystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Sys NULL, &Event, &IoStatusBlock); - + if (!Irp) return STATUS_INSUFFICIENT_RESOURCES; + IrpSp = IoGetNextIrpStackLocation(Irp); IrpSp->MinorFunction = IRP_MN_QUERY_POWER; IrpSp->Parameters.Power.Type = SystemPowerState; IrpSp->Parameters.Power.State.SystemState = SystemState; IrpSp->Parameters.Power.ShutdownType = PowerAction; - + Status = PoCallDriver(DeviceObject, Irp); if (Status == STATUS_PENDING) { 
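Review bot: `SdAllocated`, declared directly below `SecurityDescriptor` in ObCheckCreateObjectAccess, is still uninitialised although the two are presumably filled in by the same call (outside the hunk). If a failure path can leave the descriptor at its new NULL value, the release code would read an indeterminate `SdAllocated`; `BOOLEAN SdAllocated = FALSE;` closes that. The same pair appears in the ObpCheckTraverseAccess and ObpCheckObjectReference hunks and in PspSetPrimaryToken in ps/security.c.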
@@ -108,7 +109,7 @@ PopSendQuerySystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Sys NULL); Status = IoStatusBlock.Status; } - + return Status; } @@ -120,11 +121,11 @@ PopSendSetSystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Syste PIO_STACK_LOCATION IrpSp; PIRP Irp; NTSTATUS Status; - + KeInitializeEvent(&Event, NotificationEvent, FALSE); - + Irp = IoBuildSynchronousFsdRequest(IRP_MJ_POWER, DeviceObject, NULL, @@ -132,13 +133,14 @@ PopSendSetSystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Syste NULL, &Event, &IoStatusBlock); - + if (!Irp) return STATUS_INSUFFICIENT_RESOURCES; + IrpSp = IoGetNextIrpStackLocation(Irp); IrpSp->MinorFunction = IRP_MN_SET_POWER; IrpSp->Parameters.Power.Type = SystemPowerState; IrpSp->Parameters.Power.State.SystemState = SystemState; IrpSp->Parameters.Power.ShutdownType = PowerAction; - + Status = PoCallDriver(DeviceObject, Irp); if (Status == STATUS_PENDING) { @@ -149,7 +151,7 @@ PopSendSetSystemPowerState(PDEVICE_OBJECT DeviceObject, SYSTEM_POWER_STATE Syste NULL); Status = IoStatusBlock.Status; } - + return Status; } diff --git a/reactos/ntoskrnl/ps/kill.c b/reactos/ntoskrnl/ps/kill.c index ada581ee870..d864d96c08e 100644 --- a/reactos/ntoskrnl/ps/kill.c +++ b/reactos/ntoskrnl/ps/kill.c @@ -1006,7 +1006,7 @@ PspTerminateThreadByPointer(IN PETHREAD Thread, } /* We failed, free the APC */ - ExFreePool(Apc); + ExFreePoolWithTag(Apc, TAG_TERMINATE_APC); /* Return Status */ return Status; diff --git a/reactos/ntoskrnl/ps/security.c b/reactos/ntoskrnl/ps/security.c index 76f33ff3d16..4a9c0916d82 100644 --- a/reactos/ntoskrnl/ps/security.c +++ b/reactos/ntoskrnl/ps/security.c 
@@ -221,7 +221,7 @@ PspSetPrimaryToken(IN PEPROCESS Process, PACCESS_TOKEN NewToken = Token; NTSTATUS Status, AccessStatus; BOOLEAN Result, SdAllocated; - PSECURITY_DESCRIPTOR SecurityDescriptor; + PSECURITY_DESCRIPTOR SecurityDescriptor = NULL; SECURITY_SUBJECT_CONTEXT SubjectContext; PSTRACE(PS_SECURITY_DEBUG, "Process: %p Token: %p\n", Process, Token); @@ -638,7 +638,7 @@ PsImpersonateClient(IN PETHREAD Thread, if (OldData) { /* Someone beat us to it, free our copy */ - ExFreePool(Impersonation); + ExFreePoolWithTag(Impersonation, TAG_PS_IMPERSONATION); Impersonation = OldData; } }