From 5cb03586f576717f84d692e1a5a802fedb57cf51 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Herm=C3=A8s=20B=C3=A9lusca-Ma=C3=AFto?=
Date: Mon, 19 Jun 2017 16:29:44 +0000
Subject: [PATCH] [NTOS]: Revert the pool tag change from r75128, and explain in comment why we cannot actually use it.

svn path=/trunk/; revision=75133
---
 reactos/ntoskrnl/ob/oblife.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/reactos/ntoskrnl/ob/oblife.c b/reactos/ntoskrnl/ob/oblife.c
index c37a9c2d09c..342117997d8 100644
--- a/reactos/ntoskrnl/ob/oblife.c
+++ b/reactos/ntoskrnl/ob/oblife.c
@@ -351,8 +351,19 @@ ObpFreeObjectNameBuffer(IN PUNICODE_STRING Name)
 /* We know this is a pool-allocation if the size doesn't match */
 if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)
 {
- /* Free it from the pool */
- ExFreePoolWithTag(Buffer, OB_NAME_TAG);
+ /*
+ * Free it from the pool.
+ *
+ * We cannot use here ExFreePoolWithTag(..., OB_NAME_TAG); , because
+ * the object name may have been massaged during operation by different
+ * object parse routines. If the latter ones have to resolve a symbolic
+ * link (e.g. as is done by CmpParseKey() and CmpGetSymbolicLink()),
+ * the original object name is freed and re-allocated from the pool,
+ * possibly with a different pool tag. At the end of the day, the new
+ * object name can be reallocated and completely different, but we
+ * should still be able to free it!
+ */
+ ExFreePool(Buffer);
 }
 else
 {
-- 
2.17.1
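Review bot: The rationale given in the new comment also weakens the size test on the context line `if (Name->MaximumLength != OBP_NAME_LOOKASIDE_MAX_SIZE)`. If a parse routine can free the name and re-allocate it from pool, nothing visible here prevents the replacement from having a MaximumLength equal to OBP_NAME_LOOKASIDE_MAX_SIZE. Such a pool block would then take the `else` branch, whose body lies outside the hunk and is presumably the lookaside free, so the buffer would be returned to the wrong allocator. Separately, `ExFreePool(Buffer)` gives up the tag comparison that would flag a mismatched or corrupted block at free time. I would record both limits in the comment, e.g. `* TODO: have the parse routines re-allocate with OB_NAME_TAG (and never with the lookaside size) so the tagged free can be restored.`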