From 37036c6740078be7c175b66c8bebff6edb498b36 Mon Sep 17 00:00:00 2001
From: shefty
Date: Thu, 22 May 2008 01:59:21 +0000
Subject: [PATCH] indexlist: fix dereferencing NULL pointer

If the indexlist has not grown, then pArray is NULL. Calls to the IndexList API will end up accessing a NULL pointer. To avoid adding checks (pArray != NULL) in the API, allocate an 'EmptyList' index entry that pArray can reference until the first allocation is done.

Signed-off-by: Sean Hefty

git-svn-id: svn://openib.tc.cornell.edu/gen1@1200 ad392aa1-c5ef-ae45-8dd8-e69d62a5ef86
---
 branches/winverbs/core/winverbs/kernel/index_list.c | 4 +++-
 branches/winverbs/core/winverbs/kernel/index_list.h | 8 ++++++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/branches/winverbs/core/winverbs/kernel/index_list.c b/branches/winverbs/core/winverbs/kernel/index_list.c
index e6e1296d..552c67b3 100644
--- a/branches/winverbs/core/winverbs/kernel/index_list.c
+++ b/branches/winverbs/core/winverbs/kernel/index_list.c
@@ -29,6 +29,8 @@
 #include "index_list.h"
+INDEX_ENTRY EmptyList;
+
 static BOOLEAN IndexListGrow(INDEX_LIST *pIndexList)
 {
 INDEX_ENTRY *array;
@@ -47,7 +49,7 @@ static BOOLEAN IndexListGrow(INDEX_LIST *pIndexList)
 pIndexList->FreeList = i;
 }
- if (pIndexList->pArray != NULL) {
+ if (pIndexList->pArray != &EmptyList) {
 RtlCopyMemory(array, pIndexList->pArray, pIndexList->Size * sizeof(INDEX_ENTRY));
 ExFreePool(pIndexList->pArray);
 } else {
diff --git a/branches/winverbs/core/winverbs/kernel/index_list.h b/branches/winverbs/core/winverbs/kernel/index_list.h
index dd9eac8f..ec0ab7f1 100644
--- a/branches/winverbs/core/winverbs/kernel/index_list.h
+++ b/branches/winverbs/core/winverbs/kernel/index_list.h
@@ -42,6 +42,8 @@ typedef struct _INDEX_ENTRY
 } INDEX_ENTRY;
+extern INDEX_ENTRY EmptyList;
+
 // Synchronization must be provided by the caller.
 typedef struct _INDEX_LIST
 {
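Review bot: `INDEX_ENTRY EmptyList;` is a writable global that every INDEX_LIST in the driver now shares as its pre-growth pArray, so a write through `pArray[0]` on any ungrown list (an unchecked index, or an insert/remove path that does not grow first) would silently corrupt the sentinel for every other list, and the per-list locking the header asks callers to provide cannot cover that. Whether any API path can reach such a write is not visible in this hunk, so at minimum the definition should state the contract: `/* Shared sentinel for lists that have not grown yet: compare by address only, never write entries through it. */`. If the API never needs to modify it, making the object `const` (with an `extern const` declaration and a cast when assigning `pArray = (INDEX_ENTRY *)&EmptyList`) would turn such a write into an immediate read-only-page fault instead of cross-list corruption.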
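Review bot: The replaced guard in IndexListGrow now treats any pArray other than `&EmptyList` as heap memory, so a list that was zero-filled instead of passed through IndexListInit (the convention the old RtlZeroMemory-based init established) arrives here with `pArray == NULL` and reaches `ExFreePool(NULL)`, which is a bug check in kernel code rather than the harmless case the removed `!= NULL` test handled. Keeping that case safe costs one condition, `if (pIndexList->pArray != &EmptyList && pIndexList->pArray != NULL) {`, or an explicit `ASSERT(pIndexList->pArray != NULL);` ahead of it if mixing the two initialization styles is meant to be a programming error. IndexListGrow begins before this hunk and its else branch continues after it.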
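Review bot: `extern INDEX_ENTRY EmptyList;` exports a mutable object under a very generic name from a header any file in the driver may include, which is both a collision risk in the kernel's flat symbol namespace and an invitation for unrelated code to dereference it. A module-specific name such as `IndexListEmptyEntry` would address the first; a one-line contract beside the declaration addresses the second: `extern INDEX_ENTRY EmptyList; // address-only sentinel for an ungrown list; never write through it`. The `typedef struct _INDEX_LIST` this hunk ends on continues past the hunk.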
@@ -53,12 +55,14 @@ typedef struct _INDEX_LIST
 static void IndexListInit(INDEX_LIST *pIndexList)
 {
- RtlZeroMemory(pIndexList, sizeof(INDEX_LIST));
+ pIndexList->pArray = &EmptyList;
+ pIndexList->FreeList = 0;
+ pIndexList->Size = 0;
 }
 static void IndexListDestroy(INDEX_LIST *pIndexList)
 {
- if (pIndexList->pArray != NULL) {
+ if (pIndexList->pArray != &EmptyList) {
 ExFreePool(pIndexList->pArray);
 }
 }
-- 
2.41.0
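Review bot: IndexListInit no longer clears the whole structure, so any INDEX_LIST member other than pArray, FreeList and Size (the struct's definition starts before this hunk and is not visible here) is now left holding whatever was in memory; keeping the clear and then installing the sentinel removes the question: `RtlZeroMemory(pIndexList, sizeof(INDEX_LIST));` followed by `pIndexList->pArray = &EmptyList;`. IndexListDestroy likewise frees the array but leaves pArray pointing at freed pool, so a second Destroy, or a Grow on a reused list, would double-free or copy from freed memory. Resetting `pIndexList->pArray = &EmptyList;` (and Size/FreeList to 0) after the ExFreePool makes Destroy idempotent and the list safely reusable.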