From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Fri, 20 Jul 2012 05:00:38 +0000 (-0400)
Subject: Windows: avoid memory overrun during extent release
X-Git-Tag: upstream/1.8.0_pre1^2~2199
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=91f17adf01e54302b0c8d86df5627214f0bdf5d0;p=packages%2Fo%2Fopenafs.git

Windows: avoid memory overrun during extent release

While tearing down extents, if an extent is found to be in use
it will be skipped.  Must use 'ulReleaseCount' as the index
into the released extent array.

Change-Id: Iaf8a82c77ac8f4ddb30b35f43a4ce7a70f4a32a8
Reviewed-on: http://gerrit.openafs.org/7796
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp b/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
index 83d2986fa..1c2373680 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSExtentsSupport.cpp
@@ -236,16 +236,14 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                 if( pEntry->ActiveCount == 0)
                 {
 
-                    ulReleaseCount++;
-
-                    pRelease->FileExtents[ulProcessCount].Flags = AFS_EXTENT_FLAG_RELEASE;
+                    pRelease->FileExtents[ulReleaseCount].Flags = AFS_EXTENT_FLAG_RELEASE;
 
 #if GEN_MD5
-                    RtlCopyMemory( pRelease->FileExtents[ulProcessCount].MD5,
+                    RtlCopyMemory( pRelease->FileExtents[ulReleaseCount].MD5,
                                    pEntry->MD5,
                                    sizeof(pEntry->MD5));
 
-                    pRelease->FileExtents[ulProcessCount].Flags |= AFS_EXTENT_FLAG_MD5_SET;
+                    pRelease->FileExtents[ulReleaseCount].Flags |= AFS_EXTENT_FLAG_MD5_SET;
 #endif
 
                     if( BooleanFlagOn( pEntry->Flags, AFS_EXTENT_DIRTY))
@@ -256,7 +254,7 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                         AFSRemoveEntryDirtyList( Fcb,
                                                  pEntry);
 
-                        pRelease->FileExtents[ulProcessCount].Flags |= AFS_EXTENT_FLAG_DIRTY;
+                        pRelease->FileExtents[ulReleaseCount].Flags |= AFS_EXTENT_FLAG_DIRTY;
 
                         dirtyCount = InterlockedDecrement( &Fcb->Specific.File.ExtentsDirtyCount);
 
@@ -275,11 +273,13 @@ AFSTearDownFcbExtents( IN AFSFcb *Fcb,
                                   pEntry->FileOffset.LowPart,
                                   pEntry->Size);
 
-                    pRelease->FileExtents[ulProcessCount].Length = pEntry->Size;
-                    pRelease->FileExtents[ulProcessCount].DirtyLength = pEntry->Size;
-                    pRelease->FileExtents[ulProcessCount].DirtyOffset = 0;
-                    pRelease->FileExtents[ulProcessCount].CacheOffset = pEntry->CacheOffset;
-                    pRelease->FileExtents[ulProcessCount].FileOffset = pEntry->FileOffset;
+                    pRelease->FileExtents[ulReleaseCount].Length = pEntry->Size;
+                    pRelease->FileExtents[ulReleaseCount].DirtyLength = pEntry->Size;
+                    pRelease->FileExtents[ulReleaseCount].DirtyOffset = 0;
+                    pRelease->FileExtents[ulReleaseCount].CacheOffset = pEntry->CacheOffset;
+                    pRelease->FileExtents[ulReleaseCount].FileOffset = pEntry->FileOffset;
+
+                    ulReleaseCount++;
 
                     AFSFreeExtent( Fcb,
                                    pEntry);