Author: rmessiant
Date: Sun Mar  6 00:37:10 2011
New Revision: 50978

URL: http://svn.reactos.org/svn/reactos?rev=50978&view=rev
Log:
[HEAP]
- RtlpInsertUnCommittedPages: Don't rely on linked list data in a UCR Descriptor after destroying it.
  No functionality change because the linked list data was still "as expected", but not something we want to rely on.
- RtlpCreateUnCommittedRange: Fix a typo that caused the head of the UCR Segment list of the Heap to be treated as a UCR Segment header.
  Side effects of the typo: When this list wasn't empty, the (fake) UCR Segment it described was grown to contain more UCR descriptors.
  Due to the data involved, this always happened to be the initial Heap Segment, which contains the Heap Header.
  Writing the new UCR descriptors caused the Heap Header and trailing Heap Entries to be partially corrupted.

Modified:
    trunk/reactos/lib/rtl/heap.c

Modified: trunk/reactos/lib/rtl/heap.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/rtl/heap.c?rev=50978&r1=50977&r2=50978&view=diff
==============================================================================
--- trunk/reactos/lib/rtl/heap.c [iso-8859-1] (original)
+++ trunk/reactos/lib/rtl/heap.c [iso-8859-1] Sun Mar  6 00:37:10 2011
@@ -414,7 +414,7 @@
     if (IsListEmpty(&Heap->UCRList))
     {
         /* Get a pointer to the first UCR segment */
-        UcrSegment = CONTAINING_RECORD(&Heap->UCRSegments.Flink, 
HEAP_UCR_SEGMENT, ListEntry);
+        UcrSegment = CONTAINING_RECORD(Heap->UCRSegments.Flink, 
HEAP_UCR_SEGMENT, ListEntry);
 
         /* Check the list of UCR segments */
         if (IsListEmpty(&Heap->UCRSegments) ||
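Review bot: the CONTAINING_RECORD assignment on the changed line still runs before the IsListEmpty(&Heap->UCRSegments) test that follows it, so when the segment list is empty UcrSegment is computed from the list head itself (an empty list's Flink points back at the head) and does not describe a real HEAP_UCR_SEGMENT. The emptiness test comes first in the visible condition, so the value looks unused in that case, but the ordering is exactly the kind of trap that produced the original typo. I would either move the assignment below the emptiness check or extend the comment to say that UcrSegment is only meaningful when Heap->UCRSegments is non-empty, so a later edit cannot dereference it on the empty path and write descriptors over the Heap Header again.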
@@ -539,8 +539,11 @@
             Address = (ULONG_PTR)UcrDescriptor->Address;
             Size += UcrDescriptor->Size;
 
-            /* Remove it from the list and destroy it */
-            RemoveEntryList(Current);
+            /* Advance to the next descriptor */
+            Current = Current->Flink;
+
+            /* Remove the current descriptor from the list and destroy it */
+            RemoveEntryList(&UcrDescriptor->SegmentEntry);
             RtlpDestroyUnCommittedRange(Segment, UcrDescriptor);
 
             Segment->NumberOfUnCommittedRanges--;
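Review bot: the new "Advance to the next descriptor" comment does not say why Current has to be advanced before RemoveEntryList and RtlpDestroyUnCommittedRange, and that ordering is the whole point of the fix. Suggest stating it in the comment, for example that Current->Flink must be read while UcrDescriptor is still valid because the list entry lives inside the descriptor being destroyed, so nobody later "tidies" the advance back to the end of the branch. Two things to confirm that this hunk does not show: that the enclosing loop does not advance Current a second time after this branch (which would skip a descriptor), and that every other path through the loop body still advances Current on its own.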

